Point of Sale (PoS) systems belonging to at least two North American gas station merchants and a hospitality chain have been attacked over the last few months by what Visa this week described as sophisticated cybercrime groups looking to harvest payment card data.
Unlike card theft operations where criminals attach hidden skimmers to card readers at gas pumps and other PoS systems, the latest attacks have involved the use of malware on the backend systems that merchants use to process card transactions. As a result, the attacks were a lot more sophisticated, Visa said in an alert.
"It is important to note that this attack vector differs significantly from skimming at fuel pumps, as the targeting of POS systems requires the threat actors to access the merchant’s internal network, and takes more technical prowess than skimming attacks," Visa's alert said.
Visa's payment fraud division have identified at least three separate attacks targeting PoS systems since August. Two of them appear to have been carried out by FIN8, a threat group that has previously been associated with numerous attacks on PoS systems.
In one of the attacks that Visa identified this summer, the breach began when an employee at one of the gas station chains that was hit, clicked on a link in a phishing email and accidentally downloaded a Remote Access Trojan. The attackers used the Trojan to conduct reconnaissance on the breached network and eventually to move laterally into the merchant's PoS environment where they deployed a RAM memory scraper for harvesting payment card data.
The modus operandi was similar in the second incident as well, but investigators ha ..
Support the originator by clicking the read the rest link below.
