Symantec Threat Intelligence – Kiwis at risk of having payment data compromised both online and offline
You Better Watch Out: Online and Offline Threats Endanger Payment Card Data
Cyber attackers are using old tricks and new to steal customers’ payment card details from retailers this shopping
season.
As we enter the busiest shopping period of the year, offline and online retailers and consumers alike are facing risks
to the security of their payment card data.
Formjacking has surged in 2018 — with Symantec blocking almost 700,000 formjacking attempts from mid-September to
mid-November alone. This surge in formjacking is one of the big stories of 2018 — with attackers like Magecart using
supply chain attacks and other tactics to inject malicious scripts into websites to steal payment card information.
There have also been attacks on point-of-sale (PoS) systems in bricks-and-mortar stores this year, though none so far
that compare to the mega breaches of earlier this decade, which saw tens of millions of credit cards compromised in a
single breach.
Point of sale, point of weakness
According to recent research from Symantec’s DeepSight Managed Adversary and Threat Intelligence (MATI) team (published
in the MATI report “How Cyber Criminals Monetize Unauthorized PoS System Access And Stolen Card Data”, 01 Nov 2018),
threat actors on dark net marketplaces are advertising access to PoS systems at prices ranging from US$12 for
administrative access to one PoS machine, to $60,000 for access to a large corporate network containing thousands of PoS
servers and terminals. Meanwhile, depending on its quality, payment card data on the dark web retails for between $1 and
$175 per card.
The techniques used by PoS scammers remain straightforward and have not evolved greatly in recent years,
with scammers still using “RAM-scraping” malware to steal payment card details.
This RAM-scraping malware works because of how data generally travels around retailers’ systems.
• Retailers generally use network-level encryption within their internal networks to protect data as it travels
from one system to another.
• However, payment card numbers are not always encrypted in the systems themselves and can still be found within
the memory of the PoS system and other computer systems responsible for processing or passing on the data.
• This weakness allows attackers to use RAM-scraping malware to extract this data from memory while the data is
being processed inside the terminal rather than when the data is travelling through the network.
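Retailers can audit for this exposure in their own test environments. The following added example (not from Symantec's report) runs a card-data discovery check, a digit-run pattern plus the Luhn checksum, over a constructed buffer standing in for PoS memory and over the same bytes after encryption. The sample data, function names and the toy keystream cipher standing in for network-level encryption are all assumptions made for illustration.

```python
import hashlib
import re

# Candidate PANs: 13-19 ASCII digits not embedded in a longer digit run.
PAN_RE = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")

def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum, which valid payment card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48                      # ASCII digit to int
        if i % 2 == 1:                   # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_cleartext_pans(buf: bytes):
    """Return (offset, masked PAN) for each Luhn-valid candidate in buf."""
    hits = []
    for m in PAN_RE.finditer(buf):
        pan = m.group()
        if luhn_ok(pan):
            # Report only first six and last four digits.
            masked = pan[:6] + b"*" * (len(pan) - 10) + pan[-4:]
            hits.append((m.start(), masked.decode()))
    return hits

def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """Stand-in for network-level encryption (SHA-256 keystream XOR); not for real use."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

# Constructed sample of what a PoS process might hold in memory during a sale.
# 4111111111111111 is a widely published test number; 1234567890123456 fails Luhn.
IN_MEMORY = b"\x00\x07txn=1234567890123456\x00pan=4111111111111111\x00amt=19.99\x00"
ON_WIRE = toy_encrypt(IN_MEMORY, b"constructed-demo-key")

if __name__ == "__main__":
    print("in memory:", find_cleartext_pans(IN_MEMORY))
    print("on wire:  ", find_cleartext_pans(ON_WIRE))
```

A hit in the in-memory buffer and none in the encrypted copy shows that the exposure lies in how long cleartext card data lives inside the processing system, not in the network path.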
For more information and images please visit the Symantec Threat Intelligence Blog.