News Stay informed about the latest enterprise technology news and product updates.

FBI warns of memory-scraping malware in wake of Target breach

According to Reuters, the FBI has warned retailers that it's found about 20 other Target-like attacks involving memory-parsing point-of-sale malware.

The U.S. Federal Bureau of Investigation last week provided select retailers with a confidential, three-page document warning them to expect more cyberattacks like those that recently hit Target Corp. and Neiman Marcus, according to a report by Reuters.

In its warning titled, "Recent Cyber Intrusion Events Directed Toward Retail Firms", the FBI said in the past year it has uncovered around 20 cases of cyberattacks against retailers year that utilized similar methods to those uncovered in the Target incident. The agency pointed to "memory-parsing" malware, more commonly referred to as RAM scrapers or memory-scraping malware, as the source of the infections on point-of sale (POS) systems. RAM-scraper software scans memory in search of track data from payment cards that may be unencrypted.

"We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms' actions to mitigate it," said the FBI in the report, seen by Reuters. "The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States make this type of financially motivated cyber crime attractive to a wide range of actors."

The FBI pointed to Alina, a variant of POS malware, as an example of the increasingly sophisticated threats targeting retailers' aged and often inadequately secured point-of-sale systems. Alina enables attackers to perform remote upgrades, which reportedly makes identifying and removing it more difficult for IT security teams.

The FBI's warning comes after Minneapolis, Minn.-based Target admitted in December that criminals had stolen information on approximately 40 million credit and debit card numbers, immediately making it one of the largest data breaches in retail history. Through its investigation of the breach, the company later divulged that up to 70 million customers' personal data, including email addresses and phone numbers, had also been compromised in the same attack, though Target never clarified the possible overlap between the two sets of data.

Dallas-based luxury retailer Neiman Marcus admitted this month that about 1.1 million payment cards had been compromised at its stores from July 16 to October 30 of last year. In a letter to U.S. Senator Richard Blumenthal (D – CT), Neiman Marcus CIO Michael R. Kingston said that 2,400 cards stolen as part of the breach had been used so far and described the malware that infected the company's point-of-sale systems as "complex".

On Feb. 4, the commerce, manufacturing and trade subcommittee of the U.S. House of Representatives committee on energy and commerce will hold hearings on data breaches and their effect on consumers. Target is expected to testify about its own breach.

"By examining these recent breaches and their consequences on consumers, we hope to gain a better understanding of the nature of these crimes and what steps can be taken to further protect information and limit cyber threats," said House subcommittee chairman Lee Terry (R – NE).

Dig Deeper on Data security breaches

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Have you been in a Target or Wal-Mart or other large box store lately? I'm surprised they aren't compromised constantly. Or maybe they are and we're just not hearing about it. This stuff will continue until standards - higher standards - are set making security from register to Website a priority.
I tend to use cash when ever possible. As for the self check-out aisles, I won't use them with a credit or debit card. You never know if someone may be skimming your card data.. Until we change the way electronic payments are processed , we should all be a little more cautious.
Man, this article makes it sound pretty bad.  I bet even if they could fix it it would take time to build and replace the vulnerable devices which is likely capital intensive to boot.  Get ready to pay more at Walmart and Target for security, i think.