Scoop Business

Kiwis at risk of having payment data compromised

Friday, 23 November 2018, 8:44 am
Press Release: Symantec

Symantec Threat Intelligence – Kiwis at risk of having payment data compromised both online and offline

You Better Watch Out: Online and Offline Threats Endanger Payment Card Data

Cyber attackers are using old tricks and new to steal customers’ payment card details from retailers this shopping season.

As we enter the busiest shopping period of the year, both offline and online retailers, and consumers are facing risks to the security of their payment card data.

Formjacking has surged in 2018 — with Symantec blocking almost 700,000 formjacking attempts from mid-September to mid-November alone. This surge in formjacking is one of the big stories of 2018 — with attackers like Magecart using supply chain attacks and other tactics to inject malicious scripts into websites to steal payment card information.

There have also been attacks on point-of-sale (PoS) systems in bricks-and-mortar stores this year, though none so far that compare to the mega breaches of earlier this decade, which saw tens of millions of credit cards compromised in a single breach.

Point of sale, point of weakness

According to recent research from Symantec’s Deepsight Managed Adversary and Threat Intelligence (MATI) team (published in the MATI report How Cyber Criminals Monetize Unauthorized PoS System Access And Stolen Card Data - 01 Nov 2018), on dark net marketplaces threat actors are advertising access to PoS systems at prices ranging from $12US for administrative access to one PoS machine, to $60,000 for access to a large corporate network containing thousands of PoS servers and terminals. Meanwhile, depending on its quality, payment card data on the dark web retails for between $1 and $175 per card.

Advertisement - scroll to continue reading

The techniques used by PoS scammers remain straightforward and have not evolved greatly in the last number of years, with scammers still using “RAM-scraping” malware to steal payment card details.

This RAM-scraping malware works because of how data generally travels around retailers’ systems.

• Retailers generally use network-level encryption within their internal networks to protect data as it travels from one system to another.
• However, payment card numbers are not always encrypted in the systems themselves and can still be found within the memory of the PoS system and other computer systems responsible for processing or passing on the data.
• This weakness allows attackers to use RAM-scraping malware to extract this data from memory while the data is being processed inside the terminal rather than when the data is travelling through the network.

For more information and images please visit the Symantec Threat Intelligence Blog.

ends

Advertisement - scroll to continue reading

Did you know Scoop has an Ethical Paywall?

If you're using Scoop for work, your organisation needs to pay a small license fee with Scoop Pro. We think that's fair, because your organisation is benefiting from using our news resources. In return, we'll also give your team access to pro news tools and keep Scoop free for personal use, because public access to news is important!

Go to Scoop Pro Find out more

Find more from Symantec on InfoPages.

Business Headlines | Sci-Tech Headlines

BUSINESS, SCIENCE & TECH

John Mazenier: Gaffer Tape And Glue Delivering New Zealand’s Mission Critical Services

Every debt, eventually, has to be repaid. Right now, the day of reckoning is fast approaching for one of the most crippling, but least discussed, debts burdening government across New Zealand – technical debt. Technical debt is the cost of generations of incremental investments in legacy technologies to tease additional functionality or life from them.

Earthquake Commission: Ivan Skinner Award Winner Inspired By Real-life Earthquake Experience

Witnessing the human cost of the Canterbury earthquakes inspired Ben Exton to become an earthquake engineer and find solutions to make New Zealand homes more resilient against future seismic events. Exton last week received the Ivan Skinner Award at the New Zealand Society of Earthquake Engineering (NZSEE) annual conference to recognise his innovative work as a practitioner and to support his qu

Reserve Bank: Consultation Opens On A Digital Currency For New Zealand

Te Pūtea Matua is continuing its exploration of a central bank digital currency. “We are calling this ’digital cash’. It would be a new type of money in addition to the banknotes and coins we have today, and the electronic money in your bank account,” Director of Money and Cash – Tari Moni Whai Take Ian Woolford says.

NIWA: Ship Anchors May Cause Extensive And Long-lasting Damage To The Seafloor, According To New Research

NIWA anchored their research vessel in Wellington Harbour and observed in real-time how its anchor changed the surrounding environment. Study leader NIWA geophysicist Dr Sally Watson says they saw broomstick-like scarring on the seabed.

New Zealand Customs Service: A Step Forward For Simpler Trade Between New Zealand And Singapore

The New Zealand Customs Service has signed an arrangement with Singapore that will help to make trade simpler for exporters. The Arrangement on Facilitating Safe and Efficient Trade sets out a framework for developing and strengthening practical cooperation on trade and the use of emerging technology.

Horizon Research: 68% Say Make Banks Offer Fraud Protection

68% (2,785,000 adults) believe the government should regulate to make sure banks offer fraud and cybercrime protection to customers. These are among findings of a new study, conducted in the public interest by Horizon Research, on bank fraud and cybercrime.

Join Scoop Pro

Submit News

Become a Member