FBI tells retailers to expect more cyber attacks
24th Jan 2014 | 17:00
Target data breach not the first or last
The FBI has warned retailers to brace themselves for more cyber attacks in 2014.
The agency discovered around 20 hacking cases in 2013 that used the same form of malicious software that infected retail chain Target, causing the second largest data breach in US history.
Detailed in a report to retail companies that was seen by news agency Reuters, it described the risk of 'memory-parsing' malware that infects point-of-sale (POS) systems like cash registers and checkout aisles.
Industry executives have become increasingly worried following the attack on Target, which ran undetected for 19 days during December 2013. As a result, the personal information of 70 million customers was compromised and 40 million credit and debit card records copied.
Valuable to hackers
In this and a related attack against Neiman Marcus, hackers used scraping technology to copy transaction data from the magnetic strip of customers' cards as they were used for purchases.
Being of high value, malware is being sold for as much as $6,000 in underground forums. The rewards of successfully attacking a retail store mean that the software creators are developing more sophisticated methodologies to remain undetected.
"The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States make this type of financially motivated cyber crime attractive to a wide range of actors," the FBI said in the report.
Experts have advised retail chains to move quickly to improve their network security and analyse traffic patterns to identify any unusual activity. The FBI reported that most of the POS malware affected small to medium sized businesses, inflicting losses into the million of dollars.