Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 17 submissions in the queue.

VISA Warns of Ongoing Cyber Attacks on Gas Pump PoS Systems

posted by chromas on Sunday December 15 2019, @10:57PM   Printer-friendly

Fnord666 writes:

VISA Warns of Ongoing Cyber Attacks on Gas Pump PoS Systems

The point-of-sale (POS) systems of North American fuel dispenser merchants are under an increased and ongoing threat of being targeted by an attack coordinated by cybercrime groups according to a security alert published by VISA.

Three attacks that targeted organizations in this type of attack with the end goal of scraping payment card data were observed during the summer of 2019, according to the Visa Payment Fraud Disruption (PFD).

[...] PFD says that in the first incident it identified, unknown attackers were able to compromise their target using a phishing email that allowed them to infect one of the systems on the network with a Remote Access Trojan (RAT).

This provided them with direct network access, making it possible to obtain credentials with enough permissions to move laterally throughout the network and compromise the company's POS system as "there was also a lack of network segmentation between the Cardholder Data Environment (CDE) and corporate network."

The last stage of the attack saw the actors deploying a RAM scraper that helped them collect and exfiltrate customer payment card data.

During the second and third incidents, PFD states that the threat actors used malicious tools and TTPs (Tactics, Techniques and Procedures) attributable to the financially-motivated FIN8 cybercrime group.

[...] "It is important to note that this attack vector differs significantly from skimming at fuel pumps, as the targeting of POS systems requires the threat actors to access the merchant's internal network, and takes more technical prowess than skimming attacks," VISA PFD says.

"Fuel dispenser merchants should take note of this activity and deploy devices that support chip wherever possible, as this will significantly lower the likelihood of these attacks."

So unfortunately this is really something that you can't do much about.

Original Submission

 
This discussion has been archived. No new comments can be posted.
VISA Warns of Ongoing Cyber Attacks on Gas Pump PoS Systems | Log In/Create an Account | Top | 19 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Sunday December 15 2019, @11:54PM (2 children)

    by Anonymous Coward on Sunday December 15 2019, @11:54PM (#932544)

    They just cruise around on free electricity, laughing at you chumps who still need to use credit cards.

  • (Score: 0) by Anonymous Coward on Sunday December 15 2019, @11:59PM (1 child)

    by Anonymous Coward on Sunday December 15 2019, @11:59PM (#932547)

    ...while Tesla tracks their every move.

    • (Score: 4, Interesting) by black6host on Monday December 16 2019, @12:28AM

      by black6host (3827) on Monday December 16 2019, @12:28AM (#932560) Journal

      It's only a matter of time before all the car insurance companies track you all the time anyway so what the hell. https://www.marketwatch.com/story/should-you-let-your-car-insurer-monitor-you-2019-03-27 [marketwatch.com] and that article shows a bit of bias towards the practice. At least too much for me. At least it's not mandatory but more and more insurers are offering that crap and they track you using your phone. Which most people have, it's not like they have to install some hardware crap like they used to. Soon, it'll be always on...