According to Visa, cybercrime groups have targeted North American gas stations with point-of-sale (PoS) malware. 

In the summer of 2019, three separate attacks were detected, but only two of the attacks impacted the PoS systems of fuel dispenser merchants. Despite this, Visa believes that these businesses will become an increasingly attractive target for criminal groups. 

The Visa Security Alert claims that the attacks identified were focused on harvesting Track 1 and Track 2 payment card data, due in part to non-compliance with the Payment Card Industry Data Security Standard (PCI DSS) and the lack of secure acceptance technology. 

In the first attack, cybercriminals sent a gas station employee a phishing email containing a malicious link. The link delivered a remote access Trojan (RAT) that gave the attackers access to the compromised network. After conducting reconnaissance, the attackers used credentials to move laterally in the PoS environment. This movement was possible because of the lack of segmentation between the cardholder data environment (CDE) and the corporate network.

The attackers then deployed a random access memory (RAM) scraper on the PoS system to collect payment card data. 

The second attack targeted another merchant in North America, but the method of attack and the method of lateral movement are currently unknown. Visa has been able to confirm that the criminals deployed a RAM scraper onto the PoS system and harvested payment card data from it.

This particular merchant accepted both chip transactions and magnetic stripe transactions. The malware injected into the PoS environment appears to have targeted magstripe data in particular, so cards used at the non-chip fuel pumps were at high risk.

Indicators of compromise collected from the infected systems suggest that the attack was carried out by the FIN8 group, a hacking group that has been targeting the restaurant, retail and hospitality industries since 2016.

NNT suggests implementing hardened build standards and real-time file integrity monitoring to help protect customer payment data from today's dangerous cyber threats.
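
The lateral movement in the first attack above was attributed to the lack of segmentation between the corporate network and the CDE. The following Python is an added example, not code from Visa's alert or from NNT: it audits a first-match firewall rule list for allow rules that let corporate addresses reach the CDE. The address ranges, the `Rule` structure and the sample rules are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Assumed address plan, constructed for this example.
CORPORATE_NET = ipaddress.ip_network("10.10.0.0/16")
CDE_NET = ipaddress.ip_network("10.50.0.0/24")

@dataclass(frozen=True)
class Rule:
    order: int    # lower numbers are evaluated first (first match wins)
    action: str   # "allow" or "deny"
    src: str      # source CIDR
    dst: str      # destination CIDR
    port: str     # "any" or a single port number as text

# Constructed sample rule set, not taken from any real device.
SAMPLE_RULES = [
    Rule(5, "allow", "192.168.7.0/24", "10.50.0.0/24", "443"),   # not corporate
    Rule(10, "allow", "10.10.20.5/32", "10.50.0.0/24", "443"),   # one admin host
    Rule(20, "allow", "10.10.0.0/16", "10.50.0.10/32", "3389"),  # whole corp net
    Rule(30, "deny", "10.10.0.0/16", "10.50.0.0/24", "any"),
    Rule(40, "allow", "0.0.0.0/0", "0.0.0.0/0", "any"),          # shadowed by 30
]

def _overlap(a, b):
    """CIDR blocks either nest or are disjoint: return the narrower one or None."""
    if a.subnet_of(b):
        return a
    return b if b.subnet_of(a) else None

def corp_to_cde_exposure(rules):
    """Return allow rules that let corporate addresses reach the CDE."""
    # A rule is skipped only if ONE earlier deny covers its whole overlap,
    # so the audit errs towards over-reporting.
    findings, denies = [], []
    for r in sorted(rules, key=lambda rule: rule.order):
        src = _overlap(ipaddress.ip_network(r.src), CORPORATE_NET)
        dst = _overlap(ipaddress.ip_network(r.dst), CDE_NET)
        if src is None or dst is None:
            continue  # rule does not touch corporate -> CDE traffic
        if r.action == "deny":
            denies.append((src, dst, r.port))
        elif not any(src.subnet_of(ds) and dst.subnet_of(dd) and dp in ("any", r.port)
                     for ds, dd, dp in denies):
            findings.append((r.order, str(src), str(dst), r.port))
    return findings

if __name__ == "__main__":
    for order, src, dst, port in corp_to_cde_exposure(SAMPLE_RULES):
        print(f"rule {order}: {src} -> {dst} port {port} crosses into the CDE")
```

Each finding is a path to review: the any-any rule 40 is not reported only because the deny at rule 30 precedes it, so moving or removing that deny would open the whole CDE to the corporate network.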
