According to Visa, cybercrime groups have targeted North American gas stations with point-of-sale (PoS) malware.
In the summer of 2019, three separate attacks were detected, but only two of the attacks impacted the PoS systems of fuel dispenser merchants. Despite this, Visa believes that these businesses will become an increasingly attractive target for criminal groups.
The Visa Security Alert claims that the attacks identified were focused on harvesting Track 1 and Track 2 payment card data, due in part to non-compliance with the Payment Card Industry Data Security Standard (PCI DSS) and the lack of secure acceptance technology.
In the first attack, cybercriminals sent a gas station employee a phishing email containing a malicious link, which led the employee to a remote access Trojan (RAT) that gave the hackers access to the compromised network. After conducting reconnaissance, the attackers used credentials to move laterally in the PoS environment. This was possible because of the lack of segmentation between the cardholder data environment (CDE) and the corporate network.
The attackers then deployed a random access memory (RAM) scraper on the PoS system to collect payment card data.
The second attack targeted another merchant in North America, but the method of attack and the method of lateral movement are currently unknown. Visa has been able to confirm that the criminals deployed a RAM scraper onto the PoS system and harvested payment card data from it.
This particular merchant accepted both chip transactions and magnetic stripe transactions. The malware injected into the PoS environment appears to have targeted the magstripe data in particular, so the cards used at the non-chip fuel pumps were at high risk.
Indicators of compromise collected from the infected systems suggest that the attack was carried out by FIN8 Group, the hacking group that's been targeting the restaurant, retail and hospitality industries since 2016.
NNT suggests implementing hardened build standards and real-time file integrity monitoring to help protect customer payment data from today's dangerous cyber threats.
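The first attack reached the PoS systems because the corporate network and the CDE were not segmented. As an added example (not from Visa's alert or from NNT), the Python check below audits a firewall rule list for allow rules that let corporate addresses reach the CDE outside an approved list. The subnets, rules and approved flows are constructed assumptions, and each rule is evaluated on its own without modelling rule order.

```python
import ipaddress

# Constructed sample data: all subnets and rules here are illustrative assumptions.
CORPORATE = [ipaddress.ip_network("10.10.0.0/16")]
CDE = [ipaddress.ip_network("10.50.0.0/24")]

# Flows explicitly approved to cross into the CDE: (source, destination, port).
# Matching is exact, so a broader rule that merely contains an approved flow is flagged.
APPROVED = {("10.10.5.20/32", "10.50.0.10/32", 443)}

RULES = [  # (action, source, destination, port); port None means any port
    ("allow", "10.10.5.20/32", "10.50.0.10/32", 443),  # approved management host
    ("allow", "10.10.0.0/16", "10.50.0.0/24", 3389),   # corporate-wide RDP into CDE
    ("allow", "0.0.0.0/0", "10.50.0.0/24", None),      # any source into CDE
    ("allow", "10.10.0.0/16", "10.20.0.0/16", 445),    # corporate to non-CDE subnet
    ("deny", "10.10.0.0/16", "10.50.0.0/24", None),    # explicit deny
]


def overlaps(cidr, zones):
    """True if the CIDR shares any address with one of the zone networks."""
    net = ipaddress.ip_network(cidr)
    return any(net.overlaps(zone) for zone in zones)


def segmentation_findings(rules, corporate=CORPORATE, cde=CDE, approved=APPROVED):
    """Return allow rules that let corporate addresses reach the CDE unapproved."""
    findings = []
    for action, src, dst, port in rules:
        if action != "allow":
            continue
        # Only rules whose source touches corporate space and whose
        # destination touches the CDE cross the segmentation boundary.
        if not (overlaps(src, corporate) and overlaps(dst, cde)):
            continue
        if (src, dst, port) in approved:
            continue
        findings.append((src, dst, port))
    return findings


if __name__ == "__main__":
    for src, dst, port in segmentation_findings(RULES):
        print(f"unapproved path into CDE: {src} -> {dst} port {port or 'any'}")
```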