This morning, I read the recently-released McAfee Labs Threats Report – Fourth Quarter 2013 The lead story was entitled “The cybercrime industry and its role in POS attacks.” To introduce a timeline chart that includes successful attacks on well known retailers, the report states:
In December, we began to hear of a series of point-of-sale (POS) attacks on multiple retail chains across the United States. The first story to break was specific to Target; this attack has been ranked among the largest data-loss incidents of all time. Soon we learned of more retail chains affected by POS attacks. Neiman Marcus, White Lodging, Harbor Freight Tools, Easton-Bell Sports, Michaels Stores, and ‘wichcraft all suffered similar POS breaches in 2013. Although there has been no public acknowledgment that the attacks are related or carried out by the same actor, many of them leveraged off-the-shelf malware to execute the attacks.
Two themes in the article particularly stood out:
- Many attacks leveraged “off-the-shelf malware”
- The attacks were executed by a “healthy and growing cybercrime industry”
The article concluded:
We believe these breaches will have long-lasting repercussions. We expect to see changes to security approaches and compliance mandates and, of course, lawsuits. But the big lesson is that we face a healthy and growing cybercrime industry which played a key role in enabling and monetizing the results of these attacks.
Intruders are better prepared, more organized and better equipped than ever. It’s a crazy world out there.
