Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 

Kiwis at risk of having payment data compromised

Symantec Threat Intelligence – Kiwis at risk of having payment data compromised both online and offline

You Better Watch Out: Online and Offline Threats Endanger Payment Card Data

Cyber attackers are using old tricks and new to steal customers’ payment card details from retailers this shopping season.

As we enter the busiest shopping period of the year, both offline and online retailers, and consumers are facing risks to the security of their payment card data.

Formjacking has surged in 2018 — with Symantec blocking almost 700,000 formjacking attempts from mid-September to mid-November alone. This surge in formjacking is one of the big stories of 2018 — with attackers like Magecart using supply chain attacks and other tactics to inject malicious scripts into websites to steal payment card information.

There have also been attacks on point-of-sale (PoS) systems in bricks-and-mortar stores this year, though none so far that compare to the mega breaches of earlier this decade, which saw tens of millions of credit cards compromised in a single breach.

Point of sale, point of weakness

According to recent research from Symantec’s Deepsight Managed Adversary and Threat Intelligence (MATI) team (published in the MATI report How Cyber Criminals Monetize Unauthorized PoS System Access And Stolen Card Data - 01 Nov 2018), on dark net marketplaces threat actors are advertising access to PoS systems at prices ranging from $12US for administrative access to one PoS machine, to $60,000 for access to a large corporate network containing thousands of PoS servers and terminals. Meanwhile, depending on its quality, payment card data on the dark web retails for between $1 and $175 per card.

The techniques used by PoS scammers remain straightforward and have not evolved greatly in the last number of years, with scammers still using “RAM-scraping” malware to steal payment card details.

This RAM-scraping malware works because of how data generally travels around retailers’ systems.

• Retailers generally use network-level encryption within their internal networks to protect data as it travels from one system to another.
• However, payment card numbers are not always encrypted in the systems themselves and can still be found within the memory of the PoS system and other computer systems responsible for processing or passing on the data.
• This weakness allows attackers to use RAM-scraping malware to extract this data from memory while the data is being processed inside the terminal rather than when the data is travelling through the network.

For more information and images please visit the Symantec Threat Intelligence Blog.

ends

© Scoop Media

 
 
 
Business Headlines | Sci-Tech Headlines

 

Commerce Commission: Latest Broadband Report Confirms Improved Performance Of Premium Fibre Plans

The latest report from the Commerce Commission’s Measuring Broadband New Zealand programme shows that the performance of Fibre Max plans has improved substantially. This follows a collaboration between the Commission, its independent testing partner, ... More>>

Air New Zealand: Capital Raise Deferred

Air New Zealand has decided to defer its planned capital raise to later in 2021 allowing more time to assess the impacts of recent developments on the airline’s path to recovery. 'We’ve seen some clearing of COVID-19 clouds recently, with ... More>>

Commerce Commission: Cartel Conduct Now Punishable By Up To 7 Years’ Jail Time

Cartel conduct can now be punished with a term of imprisonment of up to 7 years, after the Commerce (Criminalisation of Cartels) Amendment Act 2019 came into effect today. Cartel conduct includes price fixing, market allocation and bid rigging (see ... More>>

Stats NZ: Auckland Population May Hit 2 Million In Early 2030s

Auckland’s population may rise from about 1.7 million currently to 2 million by early next decade, Stats NZ said today. “Auckland will likely have the highest average annual growth of New Zealand’s 16 regions over the next 30 years, from ... More>>


Stats NZ: March Card Spending Rebounds Despite COVID

There was a lift in retail card spending in March following a fall in the lockdown-disrupted February month, Stats NZ said today. Seasonally adjusted retail card spending rose by $53 million (0.9 percent), compared with February 2021. Visit our website to read ... More>>

PwC: Outcome Of Review Into Air New Zealand Gas Turbines Business

Air New Zealand has received the report into its Gas Turbines business from independent external advisers PwC. Air New Zealand Chairman Dame Therese Walsh says the report identified a range of effective controls in the Gas Turbines revenue contracting ... More>>

LPG Association: Renewable LPG Achieves Emissions Budgets With No Need To Ban New LPG Connections

Renewable LPG can supply New Zealand’s LPG needs and achieve the emissions reductions proposed by the Climate Commission without the need to ban new connections, a new study shows. The investigation, by leading consultancy Worley, was prepared for the ... More>>