As more details about the data breach at Target begin to trickle out, security firms are developing different theories about the attack. But all parties agree the hackers were highly sophisticated.
The Associated Press reports a global cyber intelligence firm, iSight Partners of Dallas, says the malicious software that infiltrated the point of sale system at registers "almost certainly derived" from the software product known as BlackPOS.
iSight Partners works with the Department of Homeland Security and the U.S. Secret Service. According to the AP, iSight believes the attack appears to have affected a large number of retailers, including Target.
"The use of malware to compromise payment information storage systems is not new, the report said. "However, it is the first time we have seen this attack at this scale and sophistication."
According to the AP, iSight says the software can cover its tracks and organizations may not realize they are infected.
In addition to Target, Neiman Marcus said thieves also stole customers' payment information over the holiday shopping season. iSight does not identify other retailers that may have been affected though.
However, another security firm has a slightly different take.
Seculert says analysis of publicly available access logs indicate Target was the only retailer affected. The report says there is no indication of any relationship to the Neiman Marcus attack.
Seculert says the attack on Target occurred in two distinct phases. The malware initially compromised the point-of-sale equipment at Target then after a six-day pause a second phase hijacked a separate system within Target to transmit the hijacked clientele to an exterior server.
The transmissions occurred several times over a two-week period.
The Pioneer Press reports that security experts were not surprised by the criminals' multi-pronged attack described by Seculert.
Dipto Chakravarty, executive vice president of engineering and products at ThreatTrackSecurity told the Pioneer Press, "I'm not surprised by the two-stage attack on Target. Cybercriminals want to gather all the data first, then in a few motions, download the data. It's a very common attack pattern and likely to become increasingly so."
Target officials are expected to testify in early February in Washington on the breach, according to a press release from the House Commerce, Manufacturing and Trade Subcommittee.