FBI Warns U.S. Retailers of More Cyber Attacks Like Target's
After the huge Target credit card breach during the holiday shopping season was announced, several other retailers were reported to have been affected by the same hackers or malware. Now the U.S. Federal Bureau of Investigation is warning U.S. retailers to prepare for more cyber attacks, as more cases related to the Target hacking appear.
The FBI says it has discovered about 20 cases of hacking that involved the same malware that caused the huge data breach and exposure of information relating to millions of credit cards at Target stores over the holiday shopping season.
The FBI issued a confidential report to retail companies last week warning them of future attacks and describing the various risks involved with the malware, which can infect cash registers and credit-card swiping machines -- also known as point of sale (POS) systems.
"We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms' actions to mitigate it," said the FBI report, according to Reuters, which got its hands on the restricted document, titled "Recent Cyber Intrusion Events Directed Toward Retail Firms."
"The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States make this type of financially motivated cyber crime attractive to a wide range of actors," the FBI said in the three-page report, released on Jan. 17.
News of the new cyber threat to retailers first hit the U.S. in mid-December, when security expert Brian Krebs wrote an anonymously-sourced report about data theft from Target stores, which was soon confirmed by Target. On Thursday, Dec. 19, Target announced that "it [was] aware of unauthorized access to payment card data that may have impacted certain guests making credit and debit card purchases in its U.S. stores." Target also confirmed, "approximately 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013."
The number of customers impacted by the malware later increased to 70 million, many of whose encrypted PINs, addresses, names, phone numbers, and email addresses were exposed as well.
Later, Neiman Marcus disclosed that it had been a target of credit card information-stealing malware from Jul. 16 to Oct. 30, 2013, which put 1.1 million customers' credit cards at risk. The upscale retailer described the malware as "clandestinely installed" in the company's credit card system, which then "actively attempted to collect or 'scrape' payment card data."
That "scraping" action describes the same modus operandi of the virus that infected Target's point of sale systems. Sometimes called BlackPOS and sometimes Alina, the malware is a variant on a common type of software used by cyber criminals called a "RAM scraper." The malware works by culling data from POS terminals' live memory in the brief moment that information from credit cards appears in plain text, before going through encryption and being stored in the company's payment system.
The FBI says the malicious POS software has been tracked for sale online, and some variants are becoming more sophisticated, causing retailers and cyber security consultants to worry. One cyber security consultant, who remained anonymous, told Reuters:
"Everybody we work with in the retail space is scared to death because they don't have a lot of defenses to prepare against these types of attacks. This is not just based on anybody saying 'This is going to happen.' This is based on statistical data that the FBI is seeing."