The statement said the "attacker methodology" was to identify sites that seem vulnerable to SQL injection and that the attackers "appear to target MSSQL only." (How nice. The cyber thieves run Microsoft-only shops. Redmond would be proud.)
The bad guys, according to the FBI and Secret Service statement, then typically "use xp_cmdshell, an extended procedure installed by default on MSSQL, to download their hacker tools to the compromised MSSQL server" before getting "valid Windows credentials by using fgdump or a similar tool." The next step is to install a traditional network sniffer as well as "install backdoors that beacon periodically to their command and control servers, allowing surreptitious access to the compromised networks."
The most common targets are databases, hardware security modules and processing applications "in an effort to obtain credit card data or brute-force ATM PINs. They use WinRAR to compress the information they pilfer from the compromised networks."
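A detection check aimed at the chain described above (injection, then xp_cmdshell), as an added example that is not from the article or the joint statement: it scans SQL Server audit records for xp_cmdshell being enabled and then invoked in the same session by a non-administrative login. The record format, the sample statements, the login names and the admin allow-list are constructed assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample audit records (session_id, login, statement). Made up for
# this example; not taken from any real incident or from the joint statement.
SAMPLE_AUDIT = [
    (51, "webapp", "SELECT name, price FROM products WHERE id = 42"),
    (52, "webapp", "EXEC sp_configure 'show advanced options', 1; RECONFIGURE"),
    (52, "webapp", "EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE"),
    (52, "webapp", "EXEC master..xp_cmdshell 'dir C:\\'"),
    (53, "dba_admin", "EXEC sp_configure 'xp_cmdshell', 0; RECONFIGURE"),
]

ADVANCED_ON = re.compile(r"sp_configure\s+'show advanced options'\s*,\s*1", re.I)
CMDSHELL_ON = re.compile(r"sp_configure\s+'xp_cmdshell'\s*,\s*1", re.I)
CMDSHELL_CALL = re.compile(r"\bxp_cmdshell\b", re.I)

# Logins allowed to administer the instance (assumed for the example); anything
# else that touches xp_cmdshell is suspect, because an application login has no
# business running OS commands through the database engine.
ADMIN_LOGINS = {"dba_admin"}


def detect(records, admin_logins=ADMIN_LOGINS):
    """Return (session_id, login, severity, reason) for each suspicious statement.

    Severity escalates when a single session first enables xp_cmdshell and then
    calls it: that is the escalation step an injected query has to perform on an
    instance where the procedure was disabled.
    """
    enabled_in = defaultdict(bool)  # session_id -> xp_cmdshell enabled earlier
    alerts = []
    for session_id, login, stmt in records:
        if CMDSHELL_ON.search(stmt):
            enabled_in[session_id] = True
            sev = "medium" if login in admin_logins else "high"
            alerts.append((session_id, login, sev, "xp_cmdshell enabled"))
        elif CMDSHELL_CALL.search(stmt) and "sp_configure" not in stmt.lower():
            if enabled_in[session_id]:
                sev, why = "critical", "xp_cmdshell called after enabling it in the same session"
            else:
                sev = "medium" if login in admin_logins else "high"
                why = "xp_cmdshell called"
            alerts.append((session_id, login, sev, why))
        elif ADVANCED_ON.search(stmt) and login not in admin_logins:
            alerts.append((session_id, login, "low", "show advanced options enabled by non-admin"))
    return alerts
```

Disabling the procedure (the dba_admin record) produces no alert, so the check does not fire on the remediation itself.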
The remainder of the joint statement focused on reminding retailers of standard security procedures, such as "implement firewall rules to block known malicious IP addresses," "deny access to the Internet except through proxies for Store and Enterprise servers and workstations" and "run the minimum required applications and services on servers necessary to perform their intended function."
It also specified changes to how escape sequences are handled that both the FBI and Secret Service are encouraging e-tailers to make right away.