- AARP - http://blog.aarp.org -
How Target-Like Breaches Occur (P.S. More Are Expected)
Posted by Sid Kirchheimer on January 28, 2014 @ 4:28 pm in Bulletin Today, Money & Savings, Technology
Maybe you are among the 110 million Target shoppers whose payment card or personal information was hacked during the recent holiday shopping season. Perhaps you are one of the 1 million-plus Neiman Marcus customers whose data was exposed in a 2013 breach just recently announced.
Been to Michaels lately? The arts and crafts retailer is the latest well-known company whose customer payment details were reportedly stolen in the same type of data breach.
How are con artists doing it — and which trusted retailer is next?
Sadly, warn the FBI and other authorities, wherever you shop, prepare for more of the same: cyber attacks that employ sophisticated malware to specifically target point-of-sale (POS) systems such as cash registers and card-swiping devices.
In a confidential report shared with select U.S. retailers and obtained by Reuters last week, the FBI identified “memory-parsing” malicious software — also known as a “RAM scraper” — as the source of about 20 Target-like hacking cases in the past year. And the bureau predicted that additional POS attacks will follow.
Typically, when a customer or store clerk swipes a credit or debit card, data from its magnetic stripe is collected by the POS terminal for transfer to the retailer’s payment processing provider.
But before that data is encrypted, nearly undetectable RAM scrapers (installed remotely, though exactly how is still being investigated) allow hackers to extract account numbers, PINs and users’ personal information while the data sits in the computer’s live memory, where it very briefly appears in plain text.
“We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms’ actions to mitigate it,” said the FBI report obtained by Reuters. “The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States make this type of financially motivated cyber crime attractive to a wide range of actors.”
On the black market, this malware sells for up to $6,000, and some reports indicate these hackers may be tied to the Russian mob. The FBI noted that one variant, known as Alina, included an option that allowed for “remote upgrades” to make it even harder for corporate security teams to identify and stop.
What does this mean to you?
Visit AARP’s new Fraud Watch Network website for information about other scams, and sign up for free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and learn about scam-prevention events in your area.
URL to article: http://blog.aarp.org/2014/01/28/how-target-like-breaches-occur-p-s-more-are-expected/