BreachExchange mailing list archives
FBI warns of memory-scraping malware in wake of Target breach
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 24 Jan 2014 17:05:13 -0700
http://searchsecurity.techtarget.com/news/2240213143/FBI-warns-of-memory-scraping-malware-in-wake-of-Target-breach

The U.S. Federal Bureau of Investigation last week provided select retailers with a confidential, three-page document warning them to expect more cyberattacks like those that recently hit Target Corp. and Neiman Marcus, according to a report by Reuters.

In its warning titled, "Recent Cyber Intrusion Events Directed Toward Retail Firms", the FBI said in the past year it has uncovered around 20 cases of cyberattacks against retailers that utilized similar methods to those uncovered in the Target incident. The agency pointed to "memory-parsing" malware, more commonly referred to as RAM scrapers or memory-scraping malware, as the source of the infections on point-of-sale (POS) systems. RAM-scraper software scans memory in search of track data from payment cards that may be unencrypted.

"We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms' actions to mitigate it," said the FBI in the report, seen by Reuters. "The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States make this type of financially motivated cyber crime attractive to a wide range of actors."

The FBI pointed to Alina, a variant of POS malware, as an example of the increasingly sophisticated threats targeting retailers' aged and often inadequately secured point-of-sale systems. Alina enables attackers to perform remote upgrades, which reportedly makes identifying and removing it more difficult for IT security teams.

The FBI's warning comes after Minneapolis, Minn.-based Target admitted in December that criminals had stolen information on approximately 40 million credit and debit card numbers, immediately making it one of the largest data breaches in retail history. Through its investigation of the breach, the company later divulged that up to 70 million customers' personal data, including email addresses and phone numbers, had also been compromised in the same attack, though Target never clarified the possible overlap between the two sets of data.

Dallas-based luxury retailer Neiman Marcus admitted this month that about 1.1 million payment cards had been compromised at its stores from July 16 to October 30 of last year. In a letter to U.S. Senator Richard Blumenthal (D - CT), Neiman Marcus CIO Michael R. Kingston said that 2,400 cards stolen as part of the breach had been used so far and described the malware that infected the company's point-of-sale systems as "complex".

On Feb. 4, the commerce, manufacturing and trade subcommittee of the U.S. House of Representatives committee on energy and commerce will hold hearings on data breaches and their effect on consumers. Target is expected to testify about its own breach.

"By examining these recent breaches and their consequences on consumers, we hope to gain a better understanding of the nature of these crimes and what steps can be taken to further protect information and limit cyber threats," said House subcommittee chairman Lee Terry (R - NE).
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
sales () riskbasedsecurity com

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!