A warning to shoppers: More cyber attacks like this one and this one are coming, according to a three-page confidential FBI report seen by Reuters, a determination the FBI made after finding some 20 hacking cases in the last year used the same type of malware as in the Target breach. Specifically, it's "memory-parsing" software known as a "RAM scraper," and it steals the transaction data from a credit or debit card's magnetic strip during the brief moment during the transaction process that the info isn't encrypted.
While the software itself isn't new, it's been beefed up to avoid detection by anti-virus software, and it's being sold in underground forums for relatively cheap—about $6,000 in one case—which makes the crime "attractive to a wide range of actors," reads the Jan. 17 report. A cyber security expert tells NPR that magnetic strip cards are "totally unprotected" and "about the worst security that you can put into a payment system." While chip-enabled cards are far more secure—with data hidden behind encryption—Visa says it had only issued about 3.5 million chip cards as of mid-last year; the majority of users probably won't have them in their hands until next year. Upgrading merchant terminals and ATMs will take even longer.