Last week the Federal Bureau of Investigation issued an advisory to retailers warning that the “memory-parsing” malware that infects point-of-sale (POS) systems such as cash registers and credit-card terminals used in the Target breach has been connected to some 20 other hacking cases in the past year.
“We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms’ actions to mitigate it,” the FBI report stated.
The memory-scraping malicious agent known as “Kaptoxa” has been available on underground criminal forums under the name of “BlackPOS” since at least the middle of last year for a fee of $1,800 for the basic version and $2,300 for the full version.
“The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States make this type of financially motivated cyber crime attractive to a wide range of actors,” the FBI advisory continued.
The malware can allegedly circumvent network firewalls, and once present on POS systems, can harvest credit card information in real time as cards are used for purchases.
Thus far, Target has disclosed that the information stolen from includes names, mailing addresses, phone numbers or email addresses, but some suspect that the breach may be far worse, and may include a wealth of predictive analytics that is used to profile customers.
“The high dollar value gained from some of these compromises can encourage intruders to develop high sophistication methodologies, as well as incorporate mechanisms for the actors to remain undetected,” the FBI said.
Read More Here…