Expect more credit card data breaches: FBI warns retailers
Following the recent cyber attacks on popular retailers such as Target and Neiman Marcus, the FBI has warned that the number of similar incidents may continue to rise. The warning was issued after the FBI investigated 20 previous incidents that used the same type of malware.
To alert companies to the problem, the FBI sent retailers a three-page report about 'memory-parsing' software capable of compromising the point-of-sale (POS) machines used in retail stores. POS systems include the credit card scanners and cash registers used to receive and document customer payment information. The report, titled "Recent Cyber Intrusion Events Directed Toward Retail Firms," was sent to retail companies on Jan. 17. However, the details of the report remain confidential.
The memory-parsing malware used in the attacks is so sophisticated that it can retrieve customer information before the data is fully encrypted by a POS system. This type of malware is also referred to as a RAM scraper because it pulls that data out of the machine's memory.
'We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms' actions to mitigate it,' says the FBI report.
The FBI also said that the malware used in previous attacks can be acquired through various online hacking forums. Given the sheer number of credit card transactions taking place in the US every day, this type of cybercrime can be very lucrative for unscrupulous individuals.
'The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States make this type of financially motivated cyber crime attractive to a wide range of actors,' warns the bureau.
The recent December attack on Target was one of the largest cyber attacks ever documented, and the personal data of over 70 million customers was stolen. Luxury retailer Neiman Marcus also said it was the victim of a data theft attack that lasted six months.