According to Visa, cybercrime groups have targeted North American gas stations with point-of-sale (PoS) malware. 

In the summer of 2019, three separate attacks were detected, but only two of the attacks impacted the PoS systems of fuel dispenser merchants. Despite this, Visa believes that these businesses will become an increasingly attractive target for criminal groups. 

The Visa Security Alert claims that the attacks identified were focused on harvesting Track 1 and Track 2 payment card data, due in part to non-compliance with the Payment Card Industry Data Security Standard (PCI DSS) and the lack of secure acceptance technology. 

In the first attack, cybercriminals sent a gas station employee a phishing email containing a malicious link. The link directed the employee to a remote access Trojan (RAT) that gave the attackers access to the compromised network. After conducting reconnaissance, the attackers used credentials to move laterally in the PoS environment, which was possible because the cardholder data environment (CDE) was not segmented from the corporate network.

The attackers then deployed a random access memory (RAM) scraper on the PoS system to collect payment card data. 
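The missing segmentation between the CDE and the corporate network in the first attack is something a defender can audit from flow records. The following is an added example, not code from Visa's alert or from NNT; the address plan, ports, allowlist and flow records are all constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Flow(NamedTuple):
    src: str
    dst: str
    dport: int

# Assumed address plan (constructed): the CDE holds PoS terminals and the payment server.
CDE_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Approved flows across the CDE boundary: (source net, destination net, port).
ALLOWED = [
    (ipaddress.ip_network("10.10.5.10/32"), ipaddress.ip_network("10.20.0.0/24"), 8530),   # patch server -> PoS
    (ipaddress.ip_network("10.20.0.0/24"), ipaddress.ip_network("203.0.113.40/32"), 443),  # PoS -> processor
]

def in_cde(addr):
    return any(addr in net for net in CDE_NETS)

def is_allowed(src, dst, dport):
    return any(src in s and dst in d and dport == p for s, d, p in ALLOWED)

def audit_flows(flows):
    """Return (direction, flow) for flows crossing the CDE boundary without an approved rule."""
    violations = []
    for f in flows:
        src, dst = ipaddress.ip_address(f.src), ipaddress.ip_address(f.dst)
        if in_cde(src) == in_cde(dst):
            continue  # both inside or both outside the CDE: not a boundary crossing
        if not is_allowed(src, dst, f.dport):
            violations.append(("inbound" if in_cde(dst) else "outbound", f))
    return violations

# Constructed sample flow records.
SAMPLE_FLOWS = [
    Flow("10.10.5.10", "10.20.0.15", 8530),    # approved patching
    Flow("10.10.7.44", "10.20.0.15", 3389),    # corporate workstation -> PoS (remote desktop)
    Flow("10.10.7.44", "10.20.0.2", 445),      # corporate workstation -> CDE file sharing
    Flow("10.20.0.15", "203.0.113.40", 443),   # approved processor traffic
    Flow("10.20.0.15", "198.51.100.23", 443),  # PoS -> unapproved external host
    Flow("10.20.0.15", "10.20.0.2", 1433),     # traffic inside the CDE
    Flow("10.10.7.44", "10.10.5.10", 443),     # traffic inside the corporate network
]

if __name__ == "__main__":
    for direction, f in audit_flows(SAMPLE_FLOWS):
        print(f"{direction:8} {f.src} -> {f.dst}:{f.dport}")
```

Any inbound hit from a corporate address shows the CDE is reachable from the corporate network; outbound hits show PoS hosts talking to destinations other than the approved processor.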

The second attack targeted another merchant in North America, but the method of attack and the method of lateral movement are currently unknown. Visa has been able to confirm that the criminals deployed a RAM scraper onto the PoS system and harvested payment card data from it.

This particular merchant accepted both chip transactions and magnetic stripe transactions. The malware injected into the PoS environment appears to have targeted the magstripe data in particular, so the cards used at the non-chip fuel pumps were at high risk.

Indicators of compromise collected from the infected systems suggest that the attack was carried out by the FIN8 group, a hacking group that has been targeting the restaurant, retail and hospitality industries since 2016.

NNT suggests implementing hardened build standards and real-time file integrity monitoring to help protect customer payment data from today's dangerous cyber threats.

Copyright 2024, New Net Technologies LLC. All rights reserved. 