Amidst the uproar over the massive government worker data breach, smaller intrusions continue to take place, such asa recent cyberattack against a restaurant chain's credit cardsystem that prompted the FBI to issue a warning.

The announcement warned that criminal hackers are using newmalicious software named after the TV character Punky Brewster, butspelled “Punkey,” to steal personal financial data. Investigatorshave high confidence that Punkey recently infiltrated the networkof an unidentified restaurant chain.

“Cybercriminals continue to deploy point-of-sale malware due tothe number of targets connected to the Internet and large potentialprofits,” the FBI alert said. “In the past year, there has been anincrease in restaurants, casinos, hotels and resorts targeted byPOS malware. Cybercriminals infect victim networks to extractcredit card information and quickly monetize it withincybercriminal forums.”

The new Punkey malware, uncovered by Chicago security firmTrustwave, scans and “scrapes” un-coded, plaintext credit cardinformation in the RAM of payment-processing devices such as cardreaders and POS terminals. The malware inserts itself intocomputers, performs system scans, encrypts hacked information, andthen connects to remote servers used to store and retrieve stolencredit card data. Cybercriminals then post appropriated data forsale online.

Researchers at Trustwave and the U.S. Secret Service said Punkeyoperates similar to another POS malware called NewPOSThings.Additional POS malware uncovered in recent months is PoSeidon,which is known to have infected restaurant, bar and hotel paymentterminals in the United States.

Last week restaurant/grocery store chain Eataly reported amalware-related POS breach at its New York location, one of 27reported internationally. The chain announced that based upon anextensive forensic investigation, it appears that unauthorizedindividuals installed malicious software designed to capturepayment card information (including name, payment card accountnumber, card expiration date and CVV security code) on the systemsused to process payment card transactions between Jan. 16, 2015 andApril 2, 2015.

“Using malware to breach POS systems is not surprising in theleast,” Kevin Watson, CEO at Houston-based Netsurion, a securitycompany that protects small business' payment and data, said. “Itcosts nothing for data thieves to attempt to hack a business. WhatSMBs need to understand is that every business is a worthwhile andvaluable target.”

Watson added, “SMBs have no excuse for not using a morecomprehensive solution to bolster security and decrease theirchances of becoming the next headline.”

According to a National Small Business Association survey, morethan half of 675 small businesses reported being victims ofhackers' attacks last year, up from 44% in 2013. And of thosecompanies that reported being hacked last year, 68% said they hadbeen victimized at least twice. In 2013, cyber-attacks cost smallbusinesses on average $8,699 per attack. That number skyrocketed to$20,752 per attack in 2014. For those firms whose business bankingaccounts were hacked, the average losses were $19,948 in 2014, upsignificantly from $6,927 in 2013.

Watson said common mistakes can lead to small business credit cardbreaches, which include failure to protect incoming Internettraffic, adequately guard on-premise Wi-Fi, use two-factorauthentication, provide control over outbound Internet traffic,update anti-malware software and patch all operating systems assecurity enhancements.

“Almost every major breach in the last 24 months failed toincorporate at least one of these measures,” Watson said.