Cybercriminals hijacked fuel merchants’ networks in North America this summer to steal payment card data.
Payment giant Visa revealed that there were three types of attacks, two of which were allegedly launched by the same hacking group: FIN8.
The first attack began with a phishing email sent to a fuel dispenser merchant.
Once an employee opened it, the hackers were able to install a Trojan that gave them access to the victim’s network, which they used to conduct reconnaissance and gain access to other areas of the network.
Once that was done, the hackers installed a random access memory (RAM) scraper that harvested payment card data.
Visa has named the cybercrime group FIN8 as the likely culprit behind the next two attacks because the code bears several similarities to code the group has used in the past.
The second attack targeted another North American fuel dispenser merchant. While it is unclear how the second attack began, the end result was the same: FIN8 gained access to the merchant’s network and a scraper was installed into the POS environment to harvest payment data.
It seems to have targeted only customers who paid using their cards’ magnetic stripes, not those who paid using the chip.
The third attack targeted a North American hospitality company by using malware featuring a shellcode backdoor.
Visa also noted that the attack differed from simple skimming attacks as the hackers needed to access the victims’ network to succeed.
Copyright © 2018 RegTech Analyst