The FBI has warned US retailers to prepare for further cyber attacks after linking the malware used in the recent attack on Target to 20 other attacks in 2013.
In December, the third largest retailer in the US was hit by malware planted on point-of-sale (POS) terminals that was designed to steal payment card information.
The attack was detected only after 19 days, resulting in the theft of 40 million credit and debit card records. The personal information of 70 million customers was also compromised.
In a report sent to US retailers, the FBI warned that POS malware crime will continue to grow over the near term, according to Reuters.
The report said the availability of relatively low-cost malware and the potentially huge profits to be made from POS systems made this type of cyber crime attractive to “a wide range of actors”.
The attack on Target is believed to be the latest in a series of attacks on retailers using memory-parsing malware or RAM scrapers.
More on data breaches
- Racing Post warns users of website breach
- Lakeland warns customers of potential data breach
- Target data breach creates poor retail customer experience
- The ICO issues BYOD warning after breach
- 2013 Cost of Data Breach Study: UK
- London council gets £70,000 penalty for data breach
- EU data breach disclosures to be enforced soon
- Another online firm hit by data breach
The malware is designed to extract payment data from the POS device’s memory before it is encrypted and passed on to a retailer’s payment processing provider.
The FBI report said one variant of the POS malware, known as Alina, included an option that allowed remote upgrades, making it more difficult to identify and remove.
Security experts advised that retailers move quickly to bolster their ability to analyse traffic patterns on their networks in real time to identify any anomalous activity.
The FBI report said most retailers hit by POS malware are small to mid-sized businesses, which typically lack the financial and skills resources of their larger counterparts.
Security industry commentators have said the breach at Target should serve as a warning to UK retailers and their customers.