Point-of-Sale (POS): Over the past two months, authorities and companies in South Korea have been scrambling to track down one of the major card breaches of this year, as the details of over one million payment cards have been put up for sale on dark web markets. In June and July, details for 890,000 and 230,000 payment cards were put up for sale on one of the hacking forums, according to cyber security researchers from Gemini Advisory.
As of now, the source of these card records has not yet been identified, according to the researchers. The card records contain only Card Present (CP) details, which rules out web-based skimmers or Magecart scripts installed on online stores. Instead, some of the possible sources that provided the crooks with the card records include:
- Card skimmer devices installed on ATMs or PoS terminals
- A data breach at a bank, payment provider or PoS company
- Malware installed on Point-of-Sale (PoS) systems at restaurants or stores.
Nevertheless, because EMV cards are widely adopted in South Korea, the first source is the least likely.
The Gemini team also pointed out that there was high demand for South Korean card data on cybercrime forums before the latest data dump, which may have prompted cybercrime groups to go after targets in South Korea, indirectly causing the latest data breach. This high demand also explains why the crooks are selling this payment card dump at a higher price than before on the dark web markets.
Christopher Thomas, a security researcher with Gemini Advisory, explained in an email why cybercrime groups have been focusing on and targeting South Korea, as well as the Asia Pacific region as a whole, in recent years.
The case resembles a report from February 2019, when security researchers found card records for 2.15 million US citizens on an underground carding forum. A month later, that same card dump could be linked to a breach at Earl Enterprises, a U.S. company owning several restaurant chains such as Planet Hollywood and Earl of Sandwich, which admitted that hackers had breached its IT network and planted PoS malware at various restaurants. As of now, the mystery of where these South Korean card details came from remains unsolved, although it will not remain a mystery for much longer. As card cloning or carding groups start purchasing and using the cards, the owners will start reporting the fraudulent activity, and the authorities will eventually trace the payment handler that is common to all of the victims' reports.
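The tracing step described above can be sketched as an added example (not code from the article or from Gemini Advisory): rank payment handlers by how over-represented they are among fraud-reported cards, so that a handler every cardholder uses does not look like the breach point. The card ids, handler names and the `min_coverage` threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample: card id -> payment handlers seen in its recent history.
# All card ids and handler names are hypothetical.
HISTORY = {
    "c01": {"megamart", "cafe_pos_vendor", "bookshop"},
    "c02": {"megamart", "cafe_pos_vendor"},
    "c03": {"megamart", "cafe_pos_vendor", "fuel_co"},
    "c04": {"megamart", "cafe_pos_vendor", "bookshop"},
    "c05": {"megamart", "fuel_co"},
    "c06": {"megamart", "cafe_pos_vendor"},  # exposed, no fraud reported yet
    "c07": {"megamart", "bookshop"},
    "c08": {"megamart"},
    "c09": {"megamart", "fuel_co"},
    "c10": {"megamart", "bookshop"},
}
# "c99" has no history on file and must not skew the counts.
FRAUD_REPORTED = {"c01", "c02", "c03", "c04", "c99"}


def rank_common_handlers(history, reported, min_coverage=0.75):
    """Return (handler, coverage, lift) tuples, most suspicious first.

    coverage = share of fraud-reported cards that used the handler
    lift     = coverage / share of all cards that used the handler
    A handler everybody uses has full coverage but lift near 1.0.
    """
    victims = history.keys() & reported  # ignore reports with no history
    if not victims:
        return []
    seen_all, seen_victims = Counter(), Counter()
    for card, handlers in history.items():
        seen_all.update(handlers)
        if card in victims:
            seen_victims.update(handlers)
    ranked = []
    for handler, hits in seen_victims.items():
        coverage = hits / len(victims)
        if coverage < min_coverage:  # assumed threshold, tune per dataset
            continue
        baseline = seen_all[handler] / len(history)
        ranked.append((handler, coverage, round(coverage / baseline, 2)))
    return sorted(ranked, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    for handler, coverage, lift in rank_common_handlers(HISTORY, FRAUD_REPORTED):
        print(f"{handler:16} coverage={coverage:.0%} lift={lift}")
```

On the sample data both `megamart` and `cafe_pos_vendor` appear in every victim's history, but only `cafe_pos_vendor` is twice as common among victims as among cardholders overall, which is what makes it the candidate to investigate.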
Source: ZD Net