Target cyber attack not isolated, warns FBI

The FBI has warned US retailers to prepare for further cyber attacks after linking the Target cyber attack to 20 others

The FBI has warned US retailers to prepare for further cyber attacks after linking the malware used in the recent attack on Target to 20 other attacks in 2013.

In December, the third largest retailer in the US was hit by malware planted on point-of-sale (POS) terminals that was designed to steal payment card information.

The attack was detected only after 19 days, resulting in the theft of 40 million credit and debit card records. The personal information of 70 million customers was also compromised.

In a report sent to US retailers, the FBI warned that POS malware crime will continue to grow over the near term, according to Reuters.

The report said the availability of relatively low-cost malware and the potentially huge profits to be made from POS systems made this type of cyber crime attractive to “a wide range of actors”.

The attack on Target is believed to be the latest in a series of attacks on retailers using memory-parsing malware, also called RAM scrapers.

The malware is designed to extract payment data from the POS device’s memory before it is encrypted and passed on to a retailer’s payment processing provider.

The FBI report said one variant of the POS malware, known as Alina, included an option that allowed remote upgrades, making it more difficult to identify and remove.

Security experts advised that retailers move quickly to bolster their ability to analyse traffic patterns on their networks in real time to identify any anomalous activity.

The FBI report said most retailers hit by POS malware are small to mid-sized businesses, which typically lack the financial and skills resources of their larger counterparts.

Security industry commentators have said the breach at Target should serve as a warning to UK retailers and their customers.
