You might have already heard about Target being the victim of a major security breach, one that compromised personal information of more than 70 million customers. The retailer was hit during the holiday shopping season, and it discovered that malware was installed on its point of sale registers, which lead to credit and debit card information being compromised as well. Luxury retailer Neiman Marcus also confirmed that it too had been the victim of a security breach. Security researchers claim that a few other major U.S. retailers have been targeted, but they have yet to be named. It seems that things aren’t going to get any easier for U.S. retailers, the FBI was warned them to prepare for more attacks involving the same malware that was used against Target.
FBI has sent a three-page confidential memo to retailers, detailing the threats from “memory-parsing” malware that lives on point of sale registers, which includes card-swiping machines and cash registers. Basically what the malware does is that it grabs transaction data from a customer’s credit or debit card when it shows up very briefly in the computer’s live memory, the window is quite short as the data is encrypted and then sent to the payment processing company. This memory-parsing malware is also referred to as a RAM scraper. The FBI mentions one particular variant of the popular malware, apparently called Alina, sells for as much as $6000 on underground forums and even lets hackers roll out remote upgrades, making it harder for security teams to identify it.
- 2014-03-25: Hackers Make ATMs Spit Out Cash By Sending A Text Message
- 2014-03-13: Target Hack Reportedly Detected By Its System But Went Ignored
- 2014-03-02: Sears Could Be Potential Victim Of A Security Breach
- 2014-02-27: 146K Indiana University Students' Personal Data Exposed
- 2014-02-27: British Spies Collected Yahoo Webcam Chat Images 'In Bulk'
- 2014-02-09: Swipe And Sign Cards May Not Work After October 2015
- 2014-02-04: Target Implementing New Credit Card Security Technology
- 2014-02-02: Target Hack Possibly Started With Vendor Credential Theft
- 2014-01-29: Target Hack Being Investigated By Justice Department