Visa Warns of Point-of-Sale Attacks from FIN8 Hackers
Criminal hacking group FIN8, known for a flurry of attacks in 2017 followed by a period of silence in 2018 until re-emerging earlier this year, has recently carried out three attacks against point-of-sale (POS) systems, including two against North American fuel dispenser merchants, Visa Payment Fraud Disruption said.
Visa said the attacks on fuel dispenser merchants aimed to steal credit card data directly from the POS systems. As is usually the case, the hacker”s success was due to a mix of human mistakes and lack of proper security protocols.
To steal credit card data, hackers need to go through a number of steps. In the FIN8 attack, it started with an employee opening a phishing email, which installed a Remote Access Trojan (RAT) on the merchant network and granted the threat actors network access.
“The actors then conducted reconnaissance of the corporate network, and obtained and utilized credentials to move laterally into the POS environment,” reads the Visa Payment Fraud Disruption report.
“There was also a lack of network segmentation between the Cardholder Data Environment (CDE) and corporate network, which enabled lateral movement. Once the POS environment was successfully accessed, a Random Access Memory (RAM) scraper was deployed on the POS system to harvest payment card data.”
The RAM scraper is a piece of software that can be used in a variety of ways, depending on what it”s designed to do. It can be used as a keylogger and can even send the data collected directly to the hackers.
A third attack against the network of a compromised North American hospitality merchant was also attributed FIN8, which is known for spearphishing attacks against the restaurant, hotel and hospitality sectors. The third attack used most of the same techniques, including a new shellcode backdoor based on the RM3 variant of the Ursnif (aka Gozi/Gozi-ISFB) modular banking malware.
Besides the improper employee training which lead to the one of them falling for phishing email, the hack was successful because the merchants lacked secure acceptance technology (e.g. EMV Chip, Point-to-Point Encryption, Tokenization, etc.) and didn”t comply with PCI DSS.
Visa warns any merchant that uses POS systems to secure their networks, to install and update security solutions, and most importantly, to pay close attention to phishing emails.
Ultimate Privacy Guide for Your Facebook Account
August 31, 2021
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices
August 27, 2021
Your Netflix Account May Be on Sale on Darkweb. Protect It
August 13, 2021
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
FOLLOW US ON
You might also like
September 16, 2021
September 14, 2021