Recently hacker are targetted the retailers to get the customers credit acrd information it is started from Target breach after that Neiman Marcus, at last week hackers are hacked the Bell customer data.
There are multiple ways to steal this information on-line, but Point of Sales are the most tempting target. An estimated 60 percent of purchases at retailers’ Point of Sale (POS) are paid for using a credit or debit card.
Large retailers may process thousands of transactions daily though their POS, it stands to reason that POS terminals have come into the crosshairs of cybercriminals seeking large volumes of credit card data.
The most common is “CVV2” where the seller provides the credit card number, along with the additional CVV2 security code which is typically on the back of the card. This data is enough to facilitate online purchases. However some sellers also offer the more lucrative “Track 2” data.
This is shorthand for the data saved on a card’s magnetic strip. This data is more lucrative as it allows criminals to clone cards, meaning they can be used in brick-and-mortar stores or even ATMs if the PIN is available.
The value of the data is reflected in the online sale price and these prices vary widely. CVV2 data is sold for as little as $0.1 to $5 per card while Track 2 data may cost up to $100 per card.
Skimming is one of the more popular methods, This involves installing additional hardware onto the POS terminal which is then used to read track 2 data from cards.
It requires physical access to the POS, and expensive additional equipment, it’s difficult for criminals to carry this out on a large scale. To address this problem criminals have turned to software solutions in the form of POS malware.
market has grown in the supply and sale of malware, which reads Track 2 data from the memory of the POS terminal. Most POS systems are Windows-based, making it relatively easy to create malware to run on them.
This malware is known as memory-scraping malware as it looks in memory for data, which matches the pattern of the Track 2 data. Once it finds this data in memory, which occurs as soon as a card is swiped, it saves it in a file on the POS, which the attacker can later retrieve.
The most well-known piece of POS malware is BlackPOS which is sold on cybercrime forums. Symantec detects this malware as Infostealer.Reedum.B.
the next challenge for attackers is to get the malware onto the POS terminals. POS terminals are not typically connected to the Internet but will have some connectivity to the corporate network.
Attackers will therefore attempt to infiltrate the corporate network first. They may do this by exploiting weaknesses in external facing systems, such as using an SQL injection on a Web server, or finding a periphery device that still uses the default manufacturer password.
Once in the network, they will use various hacking tools to gain access to the network segment hosting the POS systems. After the POS malware is installed, attackers will take steps to make sure their activity goes unnoticed.
These steps could include scrubbing log files or tampering with security software, which all ensures that the attack can persist and gather as much data as possible.
Unfortunately, card data theft of this nature is likely to continue in the near term. Stolen card data has a limited shelf-life. Credit card companies are quick to spot anomalous spending patterns, as are observant card owners. This means that criminals need a steady supply of “fresh” card numbers.
Retailers will learn lessons from these recent attacks and take steps to prevent the re-occurrence of this type of attack. Payment technology will also change. Many US retailers are now expediting the transition to EMV, or “chip and pin” payment technologies.
Chip and Pin cards are much more difficult to clone, making them less attractive to attackers. And of course new payment models may take over. Smart-phones may become the new credit cards as mobile, or NFC, payment technology becomes more widely adopted.
Source and reference by Symantec, they are released an document regarding POS. If you want to read Click Here.
There are multiple ways to steal this information on-line, but Point of Sales are the most tempting target. An estimated 60 percent of purchases at retailers’ Point of Sale (POS) are paid for using a credit or debit card.
Large retailers may process thousands of transactions daily though their POS, it stands to reason that POS terminals have come into the crosshairs of cybercriminals seeking large volumes of credit card data.
The most common is “CVV2” where the seller provides the credit card number, along with the additional CVV2 security code which is typically on the back of the card. This data is enough to facilitate online purchases. However some sellers also offer the more lucrative “Track 2” data.
This is shorthand for the data saved on a card’s magnetic strip. This data is more lucrative as it allows criminals to clone cards, meaning they can be used in brick-and-mortar stores or even ATMs if the PIN is available.
The value of the data is reflected in the online sale price and these prices vary widely. CVV2 data is sold for as little as $0.1 to $5 per card while Track 2 data may cost up to $100 per card.
Skimming is one of the more popular methods, This involves installing additional hardware onto the POS terminal which is then used to read track 2 data from cards.
It requires physical access to the POS, and expensive additional equipment, it’s difficult for criminals to carry this out on a large scale. To address this problem criminals have turned to software solutions in the form of POS malware.
market has grown in the supply and sale of malware, which reads Track 2 data from the memory of the POS terminal. Most POS systems are Windows-based, making it relatively easy to create malware to run on them.
This malware is known as memory-scraping malware as it looks in memory for data, which matches the pattern of the Track 2 data. Once it finds this data in memory, which occurs as soon as a card is swiped, it saves it in a file on the POS, which the attacker can later retrieve.
The most well-known piece of POS malware is BlackPOS which is sold on cybercrime forums. Symantec detects this malware as Infostealer.Reedum.B.
the next challenge for attackers is to get the malware onto the POS terminals. POS terminals are not typically connected to the Internet but will have some connectivity to the corporate network.
Attackers will therefore attempt to infiltrate the corporate network first. They may do this by exploiting weaknesses in external facing systems, such as using an SQL injection on a Web server, or finding a periphery device that still uses the default manufacturer password.
Once in the network, they will use various hacking tools to gain access to the network segment hosting the POS systems. After the POS malware is installed, attackers will take steps to make sure their activity goes unnoticed.
These steps could include scrubbing log files or tampering with security software, which all ensures that the attack can persist and gather as much data as possible.
Unfortunately, card data theft of this nature is likely to continue in the near term. Stolen card data has a limited shelf-life. Credit card companies are quick to spot anomalous spending patterns, as are observant card owners. This means that criminals need a steady supply of “fresh” card numbers.
Retailers will learn lessons from these recent attacks and take steps to prevent the re-occurrence of this type of attack. Payment technology will also change. Many US retailers are now expediting the transition to EMV, or “chip and pin” payment technologies.
Chip and Pin cards are much more difficult to clone, making them less attractive to attackers. And of course new payment models may take over. Smart-phones may become the new credit cards as mobile, or NFC, payment technology becomes more widely adopted.
Source and reference by Symantec, they are released an document regarding POS. If you want to read Click Here.
No comments:
Post a Comment