VISA Warns of Ongoing Cyber Attacks on Gas Pump PoS Systems
The point-of-sale (POS) systems of North American fuel dispenser merchants are under an increased and ongoing threat of being targeted by an attack coordinated by cybercrime groups, according to a security alert published by VISA.
Three attacks that targeted organizations in this type of attack with the end goal of scraping payment card data were observed during the summer of 2019, according to the Visa Payment Fraud Disruption (PFD).
[...] PFD says that in the first incident it identified, unknown attackers were able to compromise their target using a phishing email that allowed them to infect one of the systems on the network with a Remote Access Trojan (RAT).
This provided them with direct network access, making it possible to obtain credentials with enough permissions to move laterally throughout the network and compromise the company's POS system as "there was also a lack of network segmentation between the Cardholder Data Environment (CDE) and corporate network."
The last stage of the attack saw the actors deploying a RAM scraper that helped them collect and exfiltrate customer payment card data.
During the second and third incidents, PFD states that the threat actors used malicious tools and TTPs (Tactics, Techniques and Procedures) attributable to the financially-motivated FIN8 cybercrime group.
[...] "It is important to note that this attack vector differs significantly from skimming at fuel pumps, as the targeting of POS systems requires the threat actors to access the merchant's internal network, and takes more technical prowess than skimming attacks," VISA PFD says.
"Fuel dispenser merchants should take note of this activity and deploy devices that support chip wherever possible, as this will significantly lower the likelihood of these attacks."
So unfortunately this is really something that you can't do much about.
(Score: 0) by Anonymous Coward on Monday December 16 2019, @01:39AM (3 children)
The chip bit cannot be cloned... BUT, I read that the info on the chip, read by a shimmer, is used to write a magstripe card which can then be used to make fraudulent charges.
(Score: 2) by MostCynical on Monday December 16 2019, @02:46AM
Number, expiry date and CCV are all you need to make purchases by phone or online.
These details are all on the POS RAM, for at least an auditable amount of time.
They *aren't* supposed to be connected to corporate networks.
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 2) by DannyB on Monday December 16 2019, @03:44PM (1 child)
There is no "info" to read from the chip on a CC. The chip is not a clone of the mag stripe. The chip has an active role in the transaction.
The "chip" is a microprocessor with Java. When inserted into a POS terminal it is powered up and does one job. It has a secret private key that was never recorded anywhere nor known to anyone. While the card is inserted into the POS terminal, the bank and the chip on your card negotiate an exchange where your card digitally signs the transaction. It matches the public key for your card which the bank has. Therefore only your card's private key could have signed it. The signed information includes information about the terminal, and the transaction that YOU approved on that terminal.
It might be possible to recover that key by carefully physically destroying the chip. But it is designed to resist that.
My information might be out of date or incorrect. So I'd be happy if anyone has something informative to add to this.
Young people won't believe you if you say you used to get Netflix by US Postal Mail.
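An added example, not part of the comment above or of any payment scheme's code: a simplified model of the per-transaction cryptogram that comment describes, showing why static card data captured from POS memory or by a shimmer fails an authorisation path that requires the chip's cryptogram. It is not EMV itself; the assumptions are an HMAC with a per-card key standing in for the card's signature, and the hypothetical names `Chip`, `Issuer` and `demo`.

```python
import hashlib
import hmac
import secrets

PAN, EXPIRY = "4000000000000002", "2512"  # constructed sample values, not a real card


def _encode(terminal, amount, nonce_hex, atc) -> bytes:
    # Everything the cryptogram is bound to: terminal, amount, nonce, counter.
    return f"{terminal}|{amount}|{nonce_hex}|{atc}".encode()


class Chip:
    """Card side (hypothetical model): the key stays inside, only cryptograms leave."""

    def __init__(self, key: bytes):
        self._key, self.atc = key, 0  # atc: per-card transaction counter

    def sign(self, terminal: str, amount: int, nonce_hex: str) -> dict:
        self.atc += 1
        msg = _encode(terminal, amount, nonce_hex, self.atc)
        tag = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        return {"pan": PAN, "expiry": EXPIRY, "terminal": terminal, "amount": amount,
                "nonce": nonce_hex, "atc": self.atc, "cryptogram": tag}


class Issuer:
    """Bank side (hypothetical model): approves only fresh, valid cryptograms."""

    def __init__(self, key: bytes):
        self._key, self._last_atc = key, 0

    def authorize(self, auth: dict) -> bool:
        if "cryptogram" not in auth:  # static data only, e.g. copied number and expiry
            return False
        msg = _encode(auth["terminal"], auth["amount"], auth["nonce"], auth["atc"])
        expected = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, auth["cryptogram"]):
            return False  # any signed field was altered
        if auth["atc"] <= self._last_atc:
            return False  # counter already seen: a replayed cryptogram
        self._last_atc = auth["atc"]
        return True


def demo() -> dict:
    key = secrets.token_bytes(32)
    chip, issuer = Chip(key), Issuer(key)
    genuine = chip.sign("PUMP-07", 4500, secrets.token_hex(4))
    tampered = {**chip.sign("PUMP-07", 4500, secrets.token_hex(4)), "amount": 99900}
    return {"genuine": issuer.authorize(genuine),
            "replayed": issuer.authorize(dict(genuine)),
            "amount_changed": issuer.authorize(tampered),
            "static_only": issuer.authorize({"pan": PAN, "expiry": EXPIRY})}
```

Only the first authorisation succeeds; the protection holds only where the acceptance path actually demands the cryptogram instead of accepting static data.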
(Score: 0) by Anonymous Coward on Tuesday December 17 2019, @01:57AM
https://krebsonsecurity.com/2017/01/atm-shimmers-target-chip-based-cards/ [krebsonsecurity.com]