cyber security

Target cyber attack not isolated, warns FBI

Warwick Ashford

The FBI has warned US retailers to prepare for further cyber attacks after linking the malware used in the recent attack on Target to 20 other attacks in 2013.

In December, the third largest retailer in the US was hit by malware planted on point-of-sale (POS) terminals that was designed to steal payment card information.

hacked-binary-290x230-iSTOCK.jpg

The attack was detected only after 19 days, resulting in the theft of 40 million credit and debit card records. The personal information of 70 million customers was also compromised.

In a report sent to US retailers, the FBI warned that POS malware crime will continue to grow over the near term, according to Reuters.

The report said the availability of relatively low-cost malware and the potentially huge profits to be made from POS systems made this type of cyber crime attractive to “a wide range of actors”.

The attack on Target is believed to be the latest in a series of attacks on retailers using memory-parsing malware or RAM scrapers.

The malware is designed to extract payment data from the POS device’s memory before it is encrypted and passed on to a retailer’s payment processing provider.

The FBI report said one variant of the POS malware, known as Alina, included an option that allowed remote upgrades, making it more difficult to identify and remove.

Security experts advised that retailers move quickly to bolster their ability to analyse traffic patterns on their networks in real time to identify any anomalous activity.

The FBI report said most retailers hit by POS malware are small to mid-sized businesses, which typically lack the financial and skills resources of their larger counterparts.

Security industry commentators have said the breach at Target should serve as a warning to UK retailers and their customers.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy