Target Already Feeling the Aftermath
Target’s already started with plans to offer customers affected by the breach a year of free credit monitoring and fraud protection, but there is a long, costly road still ahead. And they will not be on that road alone. Since the Target breach was officially announced, Niemen Marcus came forward about a similar breach they suffered, and smaller breaches at three other well-known retailers are also being investigated.
Since the attack, it has been revealed that hackers used an exploit kit called Black-POS (for Point-of-Sale), a RAM scarper that intercepts information while it is being processed in a system’s RAM memory in its unencrypted state. Black-POS is a bit of software that just about anyone can get their hands on — it costs around $1800. That is a TINY investment considering the risk to the attackers (practically none) and the potential payoff. RAM scrapers have been around for a long time, but with these incredible successes, more attempts to cash in old-school loom large. 2014 will surely see more attacks — from down and dirty Ram scrapers to incredibly sophisticated ZeroDay malware that the security industry can barely speculate on.