The shopping-season attacks on Target and Neiman Marcus increasingly appear to be part of a coordinated criminal campaign. Most observers believe Target's point-of-sale devices suffered RAM-scraping, a relatively sophisticated attack that extracted card data while those data were resident in memory, and thus less protected by encryption. The malware also apparently performed something akin to what microbiologists call "quorum sensing": remaining quiet and stealthy until the infection achieved the critical mass necessary to work its damage.
Neiman Marcus, which discovered its breach later than Target did, is now assessing damage and notifying affected customers. Other unnamed retailers were also breached. Card data stolen in the attacks has flooded criminal markets. The data ought to be worth billions, but the thieves seem to be having trouble moving their digital swag: there's a glut on the market and the merchandise is still pretty hot.
Since Target and Neiman Marcus were by no means ill-prepared or poorly resourced, it seems safe to conclude that (1) their handling of the incident will prove instructive, and (2) many other, softer targets will discover they've been hit as well.
Elsewhere in the criminal economy the market for do-it-yourself telephony denial-of-service (TDoS) tools thrives.
Oracle, Adobe, and Microsoft all patch later today.
In industry news, Google makes a smart-grid, Internet-of-things play, buying Nest for $3.2B. Facebook snuggles up to VKontakte with a data-sharing agreement. Huawei works on an image makeover amid signs the UK government will shun its hardware.
Researchers develop a model to predict cyber attacks.