Visa reveals point of sale cyberattacks against fuel merchants and a hospitality firm

From: RegTech Analyst

Cybercriminals hijacked fuel merchants’ networks in North America this summer to steal payment card data.

Payment giant Visa revealed that there were three types of attacks, two of which allegedly launched by the same hacking group: FIN8.

The first attack began with a phising email sent to a fuel dispenser merchant.

Once an employee opened it, the hackers were able to install a Trojan that granted access to the victim’s network to conduct reconnaissance and obtain access to the other areas of the network.

Once done, the hackers installed a random access memory scraper that harvested payment card data.

Visa has named the cybercrime group FIN8 as the likely culprit behind the next two attacks due to the code bearing several similarities with the code used by the group in the past.

The second attack targeted another North American fuel dispenser merchant. While it is unclear how the second attack began, the end result was the same: FIN8 gained access to the merchant’s network and a scraper was installed into the POS environment to harvest payment data.

It only seem to have targeted customers using their cards’ magnetic strips to pay and not the one paying by using the chip.

The third attack targeted a North American hospitality company by using malware featuring a shellcode backdoor.

Visa also noted that the attack differed from simple skimming attacks as the hackers needed to access the victims’ network to succeed.Visa, hack attack, FIN8,

Copyright © 2019 FinTech Global

Enjoying the stories?

Subscribe to our daily FinTech newsletter and get the latest industry news & research

Investors

The following investor(s) were tagged in this article.