
Visa Warns of Point-of-Sale Attacks from FIN8 Hackers

Silviu STAHIE

December 16, 2019


Criminal hacking group FIN8, known for a flurry of attacks in 2017 followed by a period of silence in 2018 until re-emerging earlier this year, has recently carried out three attacks against point-of-sale (POS) systems, including two against North American fuel dispenser merchants, Visa Payment Fraud Disruption said.

Visa said the attacks on fuel dispenser merchants aimed to steal credit card data directly from the POS systems. As is usually the case, the hackers' success was due to a mix of human mistakes and a lack of proper security protocols.

To steal credit card data, hackers need to go through a number of steps. In the FIN8 attack, it started with an employee opening a phishing email, which installed a Remote Access Trojan (RAT) on the merchant network and granted the threat actors network access.

“The actors then conducted reconnaissance of the corporate network, and obtained and utilized credentials to move laterally into the POS environment,” reads the Visa Payment Fraud Disruption report.

“There was also a lack of network segmentation between the Cardholder Data Environment (CDE) and corporate network, which enabled lateral movement. Once the POS environment was successfully accessed, a Random Access Memory (RAM) scraper was deployed on the POS system to harvest payment card data.”

The RAM scraper is a piece of software that can be used in a variety of ways, depending on what it's designed to do. It can be used as a keylogger and can even send the data collected directly to the hackers.

A third attack against the network of a compromised North American hospitality merchant was also attributed to FIN8, which is known for spearphishing attacks against the restaurant, hotel and hospitality sectors. The third attack used most of the same techniques, including a new shellcode backdoor based on the RM3 variant of the Ursnif (aka Gozi/Gozi-ISFB) modular banking malware.

Besides the improper employee training, which led to one of them falling for a phishing email, the hack was successful because the merchants lacked secure acceptance technology (e.g. EMV Chip, Point-to-Point Encryption, Tokenization, etc.) and didn't comply with PCI DSS.

Visa warns any merchant that uses POS systems to secure their networks, to install and update security solutions, and most importantly, to pay close attention to phishing emails.
