U.S. Retailers Warned By FBI of Further POS Malware Attacks
Retailers in the US have been warned by the FBI to prepare for further cyber attacks, according to Reuters.
Mon, January 27, 2014
A confidential FBI report has been distributed among US retailers, says Reuters, warning them that the bureau has seen 20 attacks in the past year that were similar to the recent and widely reported Target Corp attack.
The FBI said the "memory-parsing" malware could be used in further attacks against point-of-sale (POS) systems.
"We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms' actions to mitigate it," says the FBI report, seen by Reuters.
The report went on, "The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States make this type of financially motivated cyber crime attractive to a wide range of actors."
The FBI confirmed to Reuters it had distributed the report. Target disclosed one of the biggest retail cyber attacks ever seen, in which 40 million credit and debit card details were stolen over 19 days before the theft was detected. The attack also compromised the personal details of 70 million customers.
Fellow retailer Neiman Marcus also said it had become the victim of a similar malware attack, which saw 1.1 million customer card details being stolen.
Customers from both retail chains now face the threat of identity theft and losses from fraud.
Thieves in both cases are said to have used a "RAM scraper." When customers' cards are swiped and the details are sent to the retailer's payment processing provider, the data is encrypted. But RAM scrapers extract the information while it is in the computer's live memory - when it briefly appears as plain text.