Visa Warns of Point-of-Sale Attacks from FIN8 Hackers

Silviu STAHIE

December 16, 2019

Criminal hacking group FIN8, known for a flurry of attacks in 2017 followed by a period of silence in 2018 until re-emerging earlier this year, has recently carried out three attacks against point-of-sale (POS) systems, including two against North American fuel dispenser merchants, Visa Payment Fraud Disruption said.

Visa said the attacks on fuel dispenser merchants aimed to steal credit card data directly from the POS systems. As is usually the case, the hackers' success was due to a mix of human mistakes and a lack of proper security protocols.

To steal credit card data, hackers need to go through a number of steps. In the FIN8 attack, it started with an employee opening a phishing email, which installed a Remote Access Trojan (RAT) on the merchant network and granted the threat actors network access.

“The actors then conducted reconnaissance of the corporate network, and obtained and utilized credentials to move laterally into the POS environment,” reads the Visa Payment Fraud Disruption report.

“There was also a lack of network segmentation between the Cardholder Data Environment (CDE) and corporate network, which enabled lateral movement. Once the POS environment was successfully accessed, a Random Access Memory (RAM) scraper was deployed on the POS system to harvest payment card data.”

The RAM scraper is a piece of software that can be used in a variety of ways, depending on what it's designed to do. It can be used as a keylogger and can even send the data collected directly to the hackers.

A third attack, against the network of a compromised North American hospitality merchant, was also attributed to FIN8, which is known for spearphishing attacks against the restaurant, hotel and hospitality sectors. The third attack used most of the same techniques, including a new shellcode backdoor based on the RM3 variant of the Ursnif (aka Gozi/Gozi-ISFB) modular banking malware.

Besides the improper employee training, which led to one of them falling for a phishing email, the hack was successful because the merchants lacked secure acceptance technology (e.g. EMV Chip, Point-to-Point Encryption, Tokenization, etc.) and didn't comply with PCI DSS.

Visa warns any merchant that uses POS systems to secure their networks, to install and update security solutions, and most importantly, to pay close attention to phishing emails.
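
The Visa report singles out the missing segmentation between the corporate network and the Cardholder Data Environment as what made lateral movement possible. The following is an added example, not taken from the Visa report or the original article, of a check a defender could run over flow logs to flag connections that cross into the CDE without approval. The subnets, the allowlisted host and the flow records are all constructed for illustration.

```python
import ipaddress

# Assumed address plan (constructed for this example).
CORPORATE = ipaddress.ip_network("10.10.0.0/16")
CDE = ipaddress.ip_network("10.50.0.0/24")

# Flows explicitly approved to cross into the CDE: (source host, dest port).
ALLOWED = {
    (ipaddress.ip_address("10.10.5.20"), 443),  # hypothetical patch server
}

# Constructed flow records, one per line: "src dst dst_port"
SAMPLE_FLOWS = """\
10.10.5.20 10.50.0.11 443
10.10.33.7 10.50.0.11 445
10.10.33.7 10.50.0.12 3389
10.50.0.11 10.50.0.1 53
10.10.33.7 10.10.1.5 445
192.0.2.9 10.50.0.11 443
"""

def parse_flow(line):
    """Split one flow record into typed source, destination and port."""
    src, dst, port = line.split()
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)

def segmentation_violations(text):
    """Return flows that enter the CDE from outside it and are not approved."""
    hits = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        src, dst, port = parse_flow(line)
        # Traffic that stays inside the CDE, or never touches it, is out of scope.
        if dst in CDE and src not in CDE and (src, port) not in ALLOWED:
            zone = "corporate" if src in CORPORATE else "external"
            hits.append((str(src), str(dst), port, zone))
    return hits

if __name__ == "__main__":
    for src, dst, port, zone in segmentation_violations(SAMPLE_FLOWS):
        print(f"ALERT {zone} -> CDE: {src} -> {dst}:{port}")
```

On a properly segmented network this check returns nothing; each hit is either a missing firewall rule or a flow that should be added to the approved list after review.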
