Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 

Kiwis at risk of having payment data compromised

Symantec Threat Intelligence – Kiwis at risk of having payment data compromised both online and offline

You Better Watch Out: Online and Offline Threats Endanger Payment Card Data

Cyber attackers are using old tricks and new to steal customers’ payment card details from retailers this shopping season.

As we enter the busiest shopping period of the year, both offline and online retailers, and consumers are facing risks to the security of their payment card data.

Formjacking has surged in 2018 — with Symantec blocking almost 700,000 formjacking attempts from mid-September to mid-November alone. This surge in formjacking is one of the big stories of 2018 — with attackers like Magecart using supply chain attacks and other tactics to inject malicious scripts into websites to steal payment card information.

There have also been attacks on point-of-sale (PoS) systems in bricks-and-mortar stores this year, though none so far that compare to the mega breaches of earlier this decade, which saw tens of millions of credit cards compromised in a single breach.

Point of sale, point of weakness

According to recent research from Symantec’s Deepsight Managed Adversary and Threat Intelligence (MATI) team (published in the MATI report How Cyber Criminals Monetize Unauthorized PoS System Access And Stolen Card Data - 01 Nov 2018), on dark net marketplaces threat actors are advertising access to PoS systems at prices ranging from $12US for administrative access to one PoS machine, to $60,000 for access to a large corporate network containing thousands of PoS servers and terminals. Meanwhile, depending on its quality, payment card data on the dark web retails for between $1 and $175 per card.

The techniques used by PoS scammers remain straightforward and have not evolved greatly in the last number of years, with scammers still using “RAM-scraping” malware to steal payment card details.

This RAM-scraping malware works because of how data generally travels around retailers’ systems.

• Retailers generally use network-level encryption within their internal networks to protect data as it travels from one system to another.
• However, payment card numbers are not always encrypted in the systems themselves and can still be found within the memory of the PoS system and other computer systems responsible for processing or passing on the data.
• This weakness allows attackers to use RAM-scraping malware to extract this data from memory while the data is being processed inside the terminal rather than when the data is travelling through the network.

For more information and images please visit the Symantec Threat Intelligence Blog.

ends

© Scoop Media

 
 
 
Business Headlines | Sci-Tech Headlines

 

Stats NZ: Largest Drop In Terms Of Trade In A Decade As Dairy Export Prices Sour

Lower export prices for dairy, meat, and logs in the September 2020 quarter led to the biggest drop in terms of trade since June 2009, Stats NZ said today. Export prices fell in the September 2020 quarter, down 8.3 percent from its highest ever ... More>>

ALSO:

Stats NZ: Election Boosts October Job Numbers

Job numbers were boosted by general election staff in October 2020, along with rises in the manufacturing, retail, and hospitality industries, Stats NZ said today. Filled jobs rose by 27,667 to 2.2 million in October 2020 compared with September, after ... More>>

Government: New Year Border Exception For Seasonal Workers In The Horticulture And Wine Industries

2000 additional RSE workers to enter New Zealand early next year employers must pay these workers at least $22.10 an hour employers will cover costs of managed isolation for the RSE workers RSE workers will be paid the equivalent of 30 hours work a week ... More>>

ALSO:


Media: Discovery, Inc. Completes Acquisition Of New Zealand’s Mediaworks TV Ltd

Auckland, New Zealand, December 1, 2020 - Discovery, Inc. (“Discovery”), the global leader in real-life entertainment, has completed its acquisition of New Zealand’s leading independent free-to-air commercial broadcaster, MediaWorks TV Ltd, now operating ... More>>

Department Of Conservation: Big Year Underway At Albatross Colony

Familiar faces are returning for the new season of Royal Cam, with a big breeding year underway for the toroa/northern royal albatross colony on Otago’s windswept Pukekura/Taiaroa Head. More than 120 albatrosses, a taonga species, have returned ... More>>

Real Estate: ASB Survey Reveals Majority Of Kiwis Expect House Prices To Keep Climbing

ALSO:

House price expectations are soaring as New Zealand’s housing market shifts up a gear. But stretched affordability is putting a dent in perceptions of whether it’s a good time to buy. While Kiwis reveal they do expect interest rates to fall further. ... More>>

Stats NZ: Births And Deaths: Year Ended September 2020

Births and deaths releases provide statistics on the number of births and deaths registered in New Zealand, and selected fertility and mortality rates. Key facts For the year ended September 2020: 57,753 live births and 32,670 deaths ... More>>

ALSO: