Kiwis at risk of having payment data compromised
Symantec Threat Intelligence – Kiwis at risk of having payment data compromised both online and
You Better Watch Out: Online and Offline Threats Endanger Payment Card Data
Cyber attackers are using old tricks and new to steal customers’ payment card details from retailers this shopping season.
As we enter the busiest shopping period of the year, offline and online retailers and consumers alike face risks to the security of their payment card data.
Formjacking has surged in 2018 — with Symantec blocking almost 700,000 formjacking attempts from mid-September to mid-November alone. This surge in formjacking is one of the big stories of 2018 — with attackers like Magecart using supply chain attacks and other tactics to inject malicious scripts into websites to steal payment card information.
There have also been attacks on point-of-sale (PoS) systems in bricks-and-mortar stores this year, though none so far that compare to the mega breaches of earlier this decade, which saw tens of millions of credit cards compromised in a single breach.
Point of sale, point of
According to recent research from Symantec’s Deepsight Managed Adversary and Threat Intelligence (MATI) team (published in the MATI report How Cyber Criminals Monetize Unauthorized PoS System Access And Stolen Card Data - 01 Nov 2018), threat actors on dark net marketplaces are advertising access to PoS systems at prices ranging from US$12 for administrative access to one PoS machine, to $60,000 for access to a large corporate network containing thousands of PoS servers and terminals. Meanwhile, depending on its quality, payment card data on the dark web retails for between $1 and $175 per card.
The techniques used by PoS scammers remain straightforward and have not evolved greatly in the last number of years, with scammers still using “RAM-scraping” malware to steal payment card details.
This RAM-scraping malware works because of how data generally travels around retailers’ systems.
• Retailers generally use network-level encryption within their internal networks to protect data as it travels from one system to another.
• However, payment card numbers are not always encrypted in the systems themselves and can still be found within the memory of the PoS system and other computer systems responsible for processing or passing on the data.
• This weakness allows attackers to use RAM-scraping malware to extract this data from memory while the data is being processed inside the terminal rather than when the data is travelling through the network.
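The weakness described in the points above can be checked for from the defender's side. The following is an added example, not code from Symantec or the MATI report: a cardholder-data discovery check of the kind an audit runs over a memory dump or log, flagging any Luhn-valid card number left in cleartext. The buffers, field names and token format are constructed for illustration, and the card number is a widely published test value.

```python
import re

# Candidate card numbers (PANs): 13-19 ASCII digits not embedded in a longer digit run.
PAN_RE = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")


def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum: filters out order numbers, timestamps and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48  # ASCII digit to integer
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: bytes) -> str:
    """Keep only the first six and last four digits so the report holds no full PAN."""
    s = pan.decode()
    return s[:6] + "*" * (len(s) - 10) + s[-4:]


def find_cleartext_pans(buf: bytes):
    """Return (offset, masked PAN) for every Luhn-valid candidate found in buf."""
    return [(m.start(), mask(m.group()))
            for m in PAN_RE.finditer(buf) if luhn_ok(m.group())]


# Constructed sample buffers (assumptions, not real captures).
# 1) A system that holds the decrypted card number in memory while processing it.
CLEARTEXT_DUMP = b"\x00\x00txn=0042;pan=4111111111111111;exp=2512\x00order=1234567890123456\x00"
# 2) The same transaction where the PAN was replaced by a token before reaching this system.
PROTECTED_DUMP = b"\x00\x00txn=0042;token=tok_9f3a1c77e2;exp=2512\x00order=1234567890123456\x00"

if __name__ == "__main__":
    for name, dump in (("cleartext", CLEARTEXT_DUMP), ("protected", PROTECTED_DUMP)):
        print(name, find_cleartext_pans(dump))
```

Network-level encryption changes nothing in the first buffer, because the number is already decrypted by the time it sits in memory; only the second buffer, which never holds the number, comes back clean.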
For more information and images please visit the Symantec Threat Intelligence Blog.