Search This Blog

Showing posts with label Cyberfraud. Show all posts

Online Credit Card Skimming on a Continual Rise – Here's How to Prevent it


Credit card skimming has already been on a rise prior to the pandemic and the trend is most likely to develop in the near future as online shopping has seen a dramatic jump due to the confinement measures imposed in various nations – giving cybercriminals more opportunities to bank upon than ever.

Popularly known as, 'Magecart' moniker, web skimming is the practice of compromising online stores and stealing payment card data in the process. In March, web skimming soared by 26%, as per the data by MalwarebytesLABS.

Credit card skimming is a form of credit card theft where crooks steal victims' credit card credentials and other sensitive information through a skimmer which is a small device constructed to steal information stored on credit cards when victims carry out transactions at ATMs. Lately, the terminology has been expanded to include malicious code that targets payment card data filled on e-commerce websites while making purchases. By either means–hardware or software, skimming attempts to achieve the same goal of performing fraudulent transactions by using the stolen data.

As various nations upgraded their cybersecurity by moving to chip-enabled cards, crooks have also continually adopted new and sophisticated methods to avoid detection. Certain skimming devices are designed to fit into the card reading slot – known as "deep-insert." They are intended to read data from the chips on chip-enabled cards.

Consumers are advised to stay extra cautious as there is not just a single way to fall in the trap of skimming, security experts recommend looking for signs of tampering like chunks of metal or plastic that seem off in dispositions, strange holes, or constituents, not in alignment with the rest of the ATM.

To prevent online skimming, there is not much one can do directly as they can't control the affected software. However, consumers can constantly monitor their card statements to look out for unauthorized transactions. They can use virtual card numbers to make online purchases if the bank offers of can also pay with smartphones; services such as Google Pay and Apple Pay that uses tokenization, replacing the real number with a virtual one, assures a great deal of security for real number by not exposing it. Another way to ensure safety is by making use of an alternative e-wallet service like PayPal.

Recent skimming attacks include a data breach disclosed by Warner Music Group, The American Payroll association's report wherein cybercriminals installed skimming malware on the login page of their website as well as the checkout section by exploiting a vulnerability in the company's CMS. Magecart skimmers also employ Telegram as a means for sending stolen credentials back to its C2 servers.

United States Issues Alert on North Korean Threat Actors Finding Better Ways to Rob Banks


The Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Treasury Department, the FBI, and U.S. Cyber Command issued a joint warning on August 26th, alerting that North Korean hackers have reopened their campaign of targeting banks across the globe by making fraudulent transactions and ATM cash-outs.

The threat actors have made a systematic effort to attack financial institutions worldwide. They employ bold methods that do not guarantee a 100% success rate. However, these North Korean hackers have manipulated the ways in which some of the largest financial institutions interact with the international banking system. They dupe components of the system into making their hackers seem to be legitimate users; it allows them to transfer tens of millions of dollars into their accounts.

As these hackers continually intruded into bank transaction records and log files, financial institutions were prompted to release security alerts and necessary upgrades to counter and hence limit the threat. In haste to acquire valuable user data for ransom, these hackers have tampered hundreds of thousands of machines across the globe.

Notably, the attackers derived value from their failures and have amended their modus operandi in order to be more effective in their operations and fraudulent campaigns which can be seen in the $81 dollar theft from a Bangladeshi bank carried out by them in 2016. Other instances of their most profitable operations include attacking 30 countries in one single incident of fraudulent ATM cash-outs.

The alert came up with an “overview of North Korea’s extensive, global cyber-enabled bank robbery scheme, a short profile of the group responsible for this activity, in-depth technical analysis, and detection and mitigation recommendations to counter this ongoing threat to the Financial Services sector.”

These attackers’ “international robbery scheme” poses a “severe operational risk” for individual banks beyond reputational harm and financial losses. A robbery directed at one bank may implicate multiple banks “in both the theft and the flow of illicit funds back to North Korea,” as per the alert.

They “initially targeted switch applications at individual banks with FASTCash malware but, more recently, have targeted at least two regional interbank payment processors,” the alert states, cautioning that this suggests the hackers “are exploring upstream opportunities in the payments ecosystem.” The alert further warned.