A new FBI report warned retailers that more computer attacks designed to steal credit and debit card data at the point of sale are likely in the near- to mid-term.
“As the [Department of Homeland Security] report suggests, the growing popularity of this type of malware, the accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States make this type of financially-motivated cyber crime attractive to a wide range of actors,” the report from the FBI's Cyber Division said. “We believe POS malware crime will continue to grow over the near term despite law enforcement and security firms’ actions to mitigate it.”
The investigative agency said that it had discovered roughly 20 incidents over the past year where software designed to steal card numbers had been introduced onto the POS terminals of U.S. retailers. It also indicated in the Jan. 17 report that programs designed to perpetrate these thefts have been seen on sale in underground criminal forums for $6,000.
Significantly, the report said the POS theft software had not infected POS terminals on its own, but had always been delivered after other breaches, which were often carried out using well-known and routine strategies.
This suggested that tightening up standard data security measures could play a key role in keeping the software off POS systems.
“The POS malware is typically introduced into a system after the system has already been compromised. In other words, the POS malware serves as the payload as a result of the initial intrusion,” the report said. “The attack can take various forms, such as phishing e-mails, compromised Web sites, and other common infection vectors.”