In a confidential report for retailers that was seen by Reuters, the FBI is warning companies to prepare for Target-like malware attacks in the future, as the agency has discovered about 20 similar hacks that used the same software in the past year.
“We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms’ actions to mitigate it,” the FBI report said. “The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail [point-of-sale] POS systems in the United States make this type of financially motivated cyber crime attractive to a wide range of actors.”
The report apparently didn’t name any other potentially affected companies, but revealed that the bulk of the POS attacks the FBI investigated involved small-to-mid-sized local or regional businesses, with estimated losses ranging from tens of thousands to millions of dollars.
So far, only Target and Neiman Marcus have acknowledged data breaches. Hackers managed to steal over 40 million credit and debit card records from Target, complete with encrypted PINs, along with personal data belonging to 70 million customers, while Neiman Marcus said that 1.1 million credit cards were breached.
The POS software that allowed hackers to steal data is still available for sale on underground forums. One version of it, known as Alina, has an option that allows hackers to remotely upgrade the malware in order to avoid detection. Such malware can retail for as much as $6,000, an attractive offer for people looking to hack retail chains.
Retailers are scared of such sophisticated potential attacks, an unnamed consultant who is advising companies in current investigations told Reuters.
“Everybody we work with in the retail space is scared to death because they don’t have a lot of defenses to prepare against these types of attacks,” the consultant said. “This is not just based on anybody saying ‘This is going to happen.’ This is based on statistical data that the FBI is seeing.”