Payment processor Visa has warned that the POS systems of fuel station merchants are being targeted. The card company says hackers are trying to install malware on their networks. The attackers may have found a weak link and discovered how gas pump and gas station operators function. Last month, Visa warned of an imminent attack after investigating a series of incidents relating to similar attacks on POS systems.
The POS malware works by scraping the computer's RAM to gain access to customers' unencrypted payment card data. It then retrieves the information and sends it to a remote server. While the POS terminals of some other types of merchants support chip and PIN transactions, those used on gas pumps do not use the same technology.
The card readers installed on gas pumps still use an older technology that can only decode customers' payment data from the magnetic stripe of the card. This makes them more vulnerable to attacks. And, according to Visa, some hackers have found a way to infiltrate their system.
Visa Payment Fraud Disruption (PFD) said it had identified the first hacking incident, where the perpetrators targeted fuel dispenser merchants. It said that the unidentified attackers used a phishing email to compromise their target, which enabled them to use a Remote Access Trojan (RAT) to infect one of the systems.
Once they had infected the system, the hackers had total access, which made it very easy to harvest credentials from the network. With that access, the hackers were able to reach the network's POS system and gain access to sensitive information. In the final stage of the attack they deployed a RAM scraper, with which they were able to steal the payment card data of customers who used the POS system.
These hackers used a relatively unfamiliar attack vector to gain access to the network and infect the POS system with the malware. The RAM scraper they used targeted magnetic stripe transactions in particular.
Visa says that the malware used in the POS attack created wmsetup.tmp, a temporary output file that held the scraped payment data. According to Visa, the file has previously been linked to FIN8 attacks and to other malware associated with FIN8. A new piece of malware that works on the RM3 variant was also discovered. It is banking malware that attacks through exploit kits and phishing methods.
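The one concrete indicator named above is the output file wmsetup.tmp, so a defender can hunt for its creation in endpoint file-creation telemetry. The following is an added example, not code from Visa or from the original article: the key="value" event format, host names and paths are constructed for illustration, and only the file name comes from the article.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# File name the article reports as the scraper's temporary output file.
IOC_BASENAMES = {"wmsetup.tmp"}

# Constructed sample events in a hypothetical key="value" export format.
SAMPLE_EVENTS = r'''
host="POS-01" event="FileCreate" image="C:\Windows\System32\svchost.exe" target="C:\Users\pos\AppData\Local\Temp\WMSETUP.TMP"
host="POS-01" event="FileCreate" image="C:\Program Files\Fuel\pump.exe" target="C:\Fuel\logs\pump.log"
host="BO-02" event="ProcessCreate" image="C:\Windows\explorer.exe" target="C:\Temp\wmsetup.tmp"
host="BO-02" event="FileCreate" image="C:\Windows\Temp\upd.exe" target="C:/Windows/Temp/wmsetup.tmp"
host="BO-02" event="FileCreate" image="C:\Tools\setup.exe" target="C:\Temp\wmsetup.tmp.bak"
'''

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def hunt(log_text):
    """Return {host: [(creating_image, target_path), ...]} for IoC file creations."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        event = dict(FIELD_RE.findall(line))
        if event.get("event") != "FileCreate":
            continue  # only file-creation events are relevant here
        # PureWindowsPath splits on both \ and / regardless of the analyst's OS,
        # and lower() handles the case-insensitive Windows file system.
        basename = PureWindowsPath(event.get("target", "")).name.lower()
        if basename in IOC_BASENAMES:
            hits[event.get("host", "unknown")].append(
                (event.get("image", "unknown"), event["target"]))
    return dict(hits)


if __name__ == "__main__":
    for host, found in hunt(SAMPLE_EVENTS).items():
        for image, target in found:
            print(f"{host}: {target} created by {image}")
```

A file-name match is a weak indicator on its own, so each hit should be triaged together with the creating process and the host's role in the payment environment.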
Although this new malware was not used in the fuel dispenser merchant attack, Visa said it is still possible for the malware to be deployed in future attacks that target dispenser merchants.
Some security researchers have been monitoring similar attacks for the past four years. They have confirmed that there is evidence of these malware attacks on the POS systems of some gas stations. These attackers can take very sensitive information about customers from the POS dispenser and send it to a remote server.
Visa has also warned that magnetic stripe POS systems could come under attack, as hackers have been targeting them. Visa pointed out that the attack model of these hackers is quite different from the popular skimming methods at fuel pumps.
The card company stated that this model requires more technical ability, as the threat actors gain access to the merchant's internal network. According to Visa, it required a high level of technical competence to achieve such a hacking feat. The POS system is very difficult to breach, but these new threat actors still find a way into the internal system of the merchant. Visa says it is different from the skimming threat.
The payment processor warns that fuel dispenser merchants should be alert and put countermeasures in place to protect their networks. They can use devices that support chip transactions, because this will reduce the possibility of these attacks to a great extent. Visa has been providing acquirers and merchants with different measures they can use to prevent these attacks on their networks.