It's not just the big guys who have to look out for threats from digital criminals. According to reports, over a two-month period cyber thieves stole details from some 24 million card transactions carried out at small retailers in 11 different countries, including Australia, Canada, Russia and the U.S.
The breach was discovered by RSA FirstWatch, which wrote about the discovery on a company blog yesterday. Thieves used "ChewBacca" malware to gain access to retailers' systems.
According to the RSA blog, ChewBacca uses "a generic keylogger and a memory scanner designed to specifically target systems that process credit cards, such as Point-of-Sale (POS) systems. The memory scanner dumps a copy of a process's memory and searches it using simple regular expressions for card magnetic stripe data. If a card number is found, it is extracted and logged by the server."
RSA contacted affected companies and the FBI after discovering the attack on Wednesday. The server used to launch the attacks was shut down yesterday.
As to how to prevent these types of attacks in the future, Yotam Gottesman, senior security researcher at RSA, wrote, "Retailers have a few choices against these attackers. They can increase staffing levels and develop leading-edge capabilities to detect and stop attackers (comprehensive monitoring and incident response), or they can encrypt or tokenize data at the point of capture and ensure that it is not in plaintext view on their networks, thereby shifting the risk and burden of protection to the card issuers and their payment processors."
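To make the second option in that quote concrete, here is an added example (not code from RSA or from this article) of an audit check that looks for readable Track 2 data in a buffer, run before and after tokenization at the point of capture. `TokenVault`, `capture` and `plaintext_pans` are hypothetical names, the vault is a simplified stand-in for a processor-side service, and the swipe data is constructed around a standard test card number.

```python
import re
import secrets

# Track 2 layout (ISO/IEC 7813): ;PAN=YYMM + service code + discretionary data + ?
TRACK2 = re.compile(rb";(\d{13,19})=(\d{4})\d{3}\d*\?")


def luhn_ok(pan: str) -> bool:
    """Luhn checksum, used to discard digit runs that only look like a PAN."""
    digits = [int(c) for c in reversed(pan)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0


def plaintext_pans(buf: bytes) -> list[str]:
    """Audit check: Luhn-valid PANs readable in Track 2 form inside buf."""
    pans = (m.group(1).decode() for m in TRACK2.finditer(buf))
    return [p for p in pans if luhn_ok(p)]


class TokenVault:
    """Simplified stand-in for a processor-side vault; it never runs on the POS host."""

    def __init__(self) -> None:
        self._pans: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        token = "tok_" + secrets.token_hex(8)  # random, not derived from the PAN
        self._pans[token] = pan
        return token


def capture(swipe: bytes, vault: TokenVault) -> bytes:
    """Models the capture boundary: only token, last four digits and expiry leave it."""
    m = TRACK2.search(swipe)
    if m is None or not luhn_ok(m.group(1).decode()):
        raise ValueError("not a valid Track 2 read")
    pan, expiry = m.group(1).decode(), m.group(2).decode()
    return f"token={vault.tokenize(pan)};last4={pan[-4:]};exp={expiry}".encode()


# Constructed sample: standard test PAN, made-up expiry and discretionary data.
SWIPE = b";4111111111111111=30121010000000000000?"
NOISE = b"order=;4111111111111112=30121010000000000000? qty=2"  # fails Luhn

if __name__ == "__main__":
    record = capture(SWIPE, TokenVault())
    print("before:", plaintext_pans(b"pos-app " + SWIPE))
    print("after: ", plaintext_pans(b"pos-app " + record), record)
```

The same check can be pointed at application logs or crash dumps from a test terminal to confirm that nothing downstream of the reader still holds a full card number.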
How confident are you when making a purchase at a retail store or on a website that your information won't end up in the possession of criminals?