On-line Shoppers Brace for Cyber Theft During the Christmas Retail Season

As millions of Americans are steeling themselves for the holiday shopping season, cybersecurity researchers are warning about a stealthy malware aimed at stealing credit card and debit card numbers from retailers. Cybersecurity firm iSight Partners on Tuesday revealed research about the malware, dubbed ModPOS, which the company says is largely undetectable by current antivirus scans.

The firm declined to name specific victims of the threat, but it said its investigation uncovered infections at "national retailers." The revelation comes as the retail industry is reeling from a wave of breaches uncovered since Target was hit during the 2013 holiday season. "It's the most sophisticated point-of-sale malware we've seen to date," said Maria Noboa, an iSight senior threat analyst. Instead of being just one piece of software, it's a complex framework of multiple modules and plug-ins. Those parts combine to collect a lot of detailed information about a company, including payment information and personal log-in credentials of executives. One way the companies try to limit their exposure is using more advanced forms of encryption to protect consumer data. With one method, known as point-to-point encryption, a consumer's payment card data is unlocked only after it reaches the payment processor. Which other measures can consumers and Etailers alike take to prevent on-line theft? Share your comments at the Cloud and Cyber Security Center.