According to Reuters, the FBI has discovered at least 20 data hacking cases in the past year which used the same kind of software that was used against Target during the holiday shopping season,
Last week, the FBI reportedly sent retailers a three-page report outlining the problem. The confidential memo outlined what it termed ""memory-parsing malware," which infects the point-of-sale (POS) machines typically found at store checkout registers.
The Jan. 17 document -- "Recent Cyber Intrusion Events Directed Toward Retail Firms" -- was seen by Reuters and later confirmed by an FBI spokesperson.
It warned: "We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms' actions to mitigate it. The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States make this type of financially motivated cyber crime attractive to a wide range of actors."
Target was the victim of a 19-day data attack which reportedly made the records from 40 million credit and debit card transactions available to hackers during the 2013 holiday shopping season. Target shares were down 0.49% to $58.36 in early New York trading on Friday.
Neiman Marcus said it was also cyber attacked last year. Sources told Reuters that credit card data from more than 1.1 million customer transactions was exposed by hackers between July 16, 2013, and Oct. 30, 2013. According to a recent statement by CEO Karen Katz, Visa (V), MasterCard (MA) and Discover Financial Services (DFS) report 2,400 payment cards that had been "swiped" at Neiman Marcus PIS terminals have also been used fraudulently.
Memory-parsing software is also known as "RAM scraper" technology. The malware copies the information from the magnetic stripe when the customer swipes it at a POS terminal. Even though that information is encrypted, RAM scrapers can grab it during the brief time the information spends in the retailers' computer memory.
RAM scraper technology has reportedly been available for years but its use has increased as software writers have made it more difficult to detect.
The FBI report said one variant of the malware allows for remote upgrades designed to thwart detection by corporate security teams while another hacker is selling a RAM scraper program for "as much as $6,000" via underground Internet forums.
-- Written by Gary Krakow in New York.
To submit a news tip, send an email to email@example.com.