Cybercriminals are on a mission. They want to take advantage of point-of-sale (PoS) technology as much as possible before it switches over entirely to chip technology. Even though the EMV card payment system came online late last year, many businesses and credit card issuers have been slow to migrate to the new PoS technology. FireEye recently identified one such group of cybercriminals, which it calls FIN6, that is stealing credit card numbers from the old PoS terminals and selling them through underground channels. Bloomberg explained:
Malware such as GRABNEW, which captures login credentials, can come as an e-mail attachment, FireEye said. FIN6 either sends that malware or pays others for the credentials.
Once FIN6 gets into a company’s network, it uses software vulnerabilities to move around and locate card numbers. One FIN6-linked case resulted in 20 million cards, mostly from the U.S., in the online shop, selling for about $21 each, Milpitas, California-based FireEye said.
Cybercriminals have been congregating and organizing for years, but 2015 showed a marked increase in the behavior we would normally associate with legitimate businesses. Based on the study of numerous security incidents, exploit kits and malvertising campaigns, our 2016 Trustwave Global Security Report shows businesses how and where these sophisticated criminal organizations are most likely to attack, and more importantly, how to defend their assets.
The retail industry is the top target of cybercriminals – not surprisingly, since the report also found that the most-favored data of the bad guys comes from credit cards. In 60 percent of investigations, attackers were after payment card data, split about evenly between card track (magnetic stripe) data (31 percent of incidents), which came mainly from PoS environments, and card-not-present (CNP) data (29 percent), which mostly came from e-commerce transactions. The report also found that malvertising is on the rise.
As Lorna Garey wrote for Channel Partners, even though retail is the top target, no industry is safe because cybercrime is lucrative:
Trustwave previously demonstrated how attackers launching a malware infection campaign could earn $84,100 from a $5,900 investment in just 30 days. In some cases, they’re operating on the cloud pay-as-you-go model so popular with customers, subscribing to a service that delivers access to a steady stream of new exploits.
Criminal groups like FIN6 are running like big businesses, and it is working. Now it is up to organizations to take a similar approach to fighting cybercrime.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba