VISA has recently issued a cybersecurity alert for the residents of North America after noticing a wave of POS malware attacks on fuel dispensing systems in the region. It suspects an increase in attacks specifically targeting fuel dispenser merchants.
VISA Warns Of POS Malware Attack
In a recently issued security alert, VISA has warned of sophisticated POS malware attacks in North America. These attacks specifically target fuel dispensers in the area.
Reportedly, Visa Payment Fraud Disruption (PFD) detected three such incidents on the point-of-sale (POS) systems of fuel dispenser merchants.
In the first incident, the attackers gained access to the merchant’s network via an email phishing attack. They were able to install a RAT on the system and move laterally by obtaining credentials, owing to a security lapse. As explained in the notice:
There was also a lack of network segmentation between the Cardholder Data Environment (CDE) and corporate network, which enabled lateral movement.
In addition, the attackers used a RAM scraper to harvest payment card data.
In the second incident, it remains unknown how the attackers gained access to the target merchant’s POS network. Yet, the attackers moved laterally on the network to harvest card data, specifically targeting the mag stripe/track data.
The third incident targeted a North American hospitality merchant. According to the PFD analysis, the malware involved in this attack was also linked to the cybercrime group FIN8. They found it to be based on the RM3 variant of the Ursnif banking Trojan.
The IOCs of the second incident also hinted at the involvement of FIN8.
Recommended Mitigations
VISA recommends numerous strategies for vendors to protect their POS systems. These include:
- Protect remote access with strong passwords and restrict unnecessary access
- Monitor network traffic
- Enable EMV technology
- Apply network segmentation to prevent malware from spreading
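The segmentation and traffic-monitoring recommendations can be checked against firewall or flow logs by flagging any accepted connection from the corporate network into the Cardholder Data Environment (CDE) that is not explicitly permitted. The following is an added example, not part of the Visa alert or the original article; the subnets, allowlist and log format are assumptions, and the flow records are constructed.

```python
import ipaddress

# Assumed (hypothetical) address plan; substitute the merchant's real ranges.
CORPORATE_NET = ipaddress.ip_network("10.10.0.0/16")
CDE_NET = ipaddress.ip_network("10.50.0.0/24")

# Flows into the CDE that the segmentation policy explicitly permits:
# (source host, destination host, destination port). Constructed values.
ALLOWED_INTO_CDE = {
    ("10.10.5.20", "10.50.0.10", 443),  # management server -> POS controller
}

# Constructed flow records in an assumed format: "timestamp src dst dport action"
SAMPLE_FLOWS = """\
2019-12-01T02:14:07Z 10.10.5.20 10.50.0.10 443 ACCEPT
2019-12-01T02:15:31Z 10.10.8.77 10.50.0.12 445 ACCEPT
2019-12-01T02:15:40Z 10.10.8.77 10.50.0.12 3389 ACCEPT
2019-12-01T02:16:02Z 10.10.8.77 10.50.0.13 445 REJECT
2019-12-01T02:17:45Z 10.50.0.12 10.50.0.1 53 ACCEPT
malformed line
"""

def parse_flow(line):
    """Parse one record; return None for lines that do not fit the format."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, dport, action = parts
    try:
        return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), action
    except ValueError:
        return None

def segmentation_violations(log_text):
    """Return accepted corporate-to-CDE flows that are not on the allowlist."""
    findings = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        ts, src, dst, dport, action = flow
        crosses = src in CORPORATE_NET and dst in CDE_NET
        allowed = (str(src), str(dst), dport) in ALLOWED_INTO_CDE
        if crosses and action == "ACCEPT" and not allowed:
            findings.append((ts, str(src), str(dst), dport))
    return findings

if __name__ == "__main__":
    for finding in segmentation_violations(SAMPLE_FLOWS):
        print("corporate -> CDE flow not in policy:", finding)
```

Any finding means the firewall between the two networks is passing traffic the policy does not list, which is the condition the alert describes as enabling lateral movement.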
Moreover, users can also apply other cybersecurity measures to keep their small businesses and online shops safe from cyber attacks.