BreachExchange mailing list archives

FBI warns of memory-scraping malware in wake of Target breach


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 24 Jan 2014 17:05:13 -0700

http://searchsecurity.techtarget.com/news/2240213143/FBI-warns-of-memory-scraping-malware-in-wake-of-Target-breach

The U.S. Federal Bureau of Investigation last week provided select
retailers with a confidential, three-page document warning them to expect
more cyberattacks like those that recently hit Target Corp. and Neiman
Marcus, according to a report by Reuters.

In its warning titled "Recent Cyber Intrusion Events Directed Toward
Retail Firms", the FBI said that in the past year it has uncovered around 20
cases of cyberattacks against retailers that utilized similar methods
to those uncovered in the Target incident. The agency pointed to
"memory-parsing" malware, more commonly referred to as RAM scrapers or
memory-scraping malware, as the source of the infections on point-of-sale
(POS) systems. RAM-scraper software scans memory in search of track data
from payment cards that may be unencrypted.

"We believe POS malware crime will continue to grow over the near term,
despite law enforcement and security firms' actions to mitigate it," said
the FBI in the report, seen by Reuters. "The accessibility of the malware
on underground forums, the affordability of the software and the huge
potential profits to be made from retail POS systems in the United States
make this type of financially motivated cyber crime attractive to a wide
range of actors."

The FBI pointed to Alina, a variant of POS malware, as an example of the
increasingly sophisticated threats targeting retailers' aged and often
inadequately secured point-of-sale systems. Alina enables attackers to
perform remote upgrades, which reportedly makes identifying and removing it
more difficult for IT security teams.

The FBI's warning comes after Minneapolis, Minn.-based Target admitted in
December that criminals had stolen information on approximately 40 million
credit and debit card numbers, immediately making it one of the largest
data breaches in retail history. Through its investigation of the breach,
the company later divulged that up to 70 million customers' personal data,
including email addresses and phone numbers, had also been compromised in
the same attack, though Target never clarified the possible overlap between
the two sets of data.

Dallas-based luxury retailer Neiman Marcus admitted this month that about
1.1 million payment cards had been compromised at its stores from July 16
to October 30 of last year. In a letter to U.S. Senator Richard Blumenthal
(D - CT), Neiman Marcus CIO Michael R. Kingston said that 2,400 cards
stolen as part of the breach had been used so far and described the malware
that infected the company's point-of-sale systems as "complex".

On Feb. 4, the commerce, manufacturing and trade subcommittee of the U.S.
House of Representatives committee on energy and commerce will hold
hearings on data breaches and their effect on consumers. Target is expected
to testify about its own breach.

"By examining these recent breaches and their consequences on consumers, we
hope to gain a better understanding of the nature of these crimes and what
steps can be taken to further protect information and limit cyber threats,"
said House subcommittee chairman Lee Terry (R - NE).
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/