Information on a million South Korean bank cards put up for sale on darknet
Gemini Advisory experts found that payment card data of more than a million South Korean users is being offered on the darknet. The country’s authorities and companies are now trying to figure out exactly where the leak occurred.
According to researchers, information on 890,000 and 230,000 payment cards was put up for sale on an unnamed hacker forum in July and June of this year. “The demand for payment card data from banks in the Asia-Pacific region has always been high. However, many of these financial institutions have less sophisticated security and protection systems compared with their Western colleagues, and cybercriminals realized that cards in the Asia-Pacific region are much better for them in comparison to cards from North America,” experts say.
Since the dumps contained only CP (Card Present) data, this automatically excludes the possibility that the leak occurred through software skimmers (MageCart scripts) installed in hacked online stores.
Experts believe that attackers could collect information about more than a million cards using malware installed in Point-of-Sale (PoS) systems in stores or restaurants.
CP fraud involves collecting payment card information from in-person transactions. The most common way to do this is by installing malware into a system that has point-of-sale (POS) devices on its network. When a threat actor gains access to a system, they can install additional malware or backdoors in order to access card data. This POS malware can scrape random-access memory (RAM) to obtain card information from a device’s temporary memory before it is initially encrypted. The threat actor thus captures the desired plain text card data and can encrypt it and send it back to their own server.
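One way a defender could watch for the memory-reading behaviour described above, as an added example that is not from Gemini Advisory or the original article. It assumes Windows POS terminals that log Sysmon ProcessAccess events (Event ID 10); the process name `posapp.exe`, the allowlist and every event below are constructed.

```python
# Added example: flag processes that open a payment application's memory for reading.
# Event shape follows Sysmon Event ID 10 (ProcessAccess); all paths and events are constructed.
from ntpath import basename  # parses Windows paths on any platform

PROCESS_VM_READ = 0x0010  # Windows access right required to read another process's memory

# Assumptions: the payment process name and the readers expected on this terminal.
POS_PROCESSES = {"posapp.exe"}
ALLOWED_READERS = {r"c:\program files\av\avscan.exe"}

SAMPLE_EVENTS = [  # constructed sample data
    {"EventID": 10, "SourceImage": r"C:\Program Files\AV\avscan.exe",
     "TargetImage": r"C:\POS\posapp.exe", "GrantedAccess": "0x1410"},
    {"EventID": 10, "SourceImage": r"C:\Users\Public\svchosts.exe",
     "TargetImage": r"C:\POS\posapp.exe", "GrantedAccess": "0x1410"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": r"C:\POS\posapp.exe", "GrantedAccess": "0x1000"},
    {"EventID": 10, "SourceImage": r"C:\Users\Public\svchosts.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x0010"},
    {"EventID": 10, "SourceImage": r"C:\Temp\x.exe",
     "TargetImage": r"C:\POS\posapp.exe", "GrantedAccess": "n/a"},
]

def suspicious_memory_reads(events):
    """Return (source, target, access) for unexpected memory reads of a POS process."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 10:
            continue
        if basename(ev.get("TargetImage", "")).lower() not in POS_PROCESSES:
            continue  # only the payment application is in scope
        try:
            access = int(ev.get("GrantedAccess", "0"), 16)
        except ValueError:
            continue  # unparsable access mask: ignored in this example
        if not access & PROCESS_VM_READ:
            continue  # handle cannot be used to read memory
        if ev.get("SourceImage", "").lower() in ALLOWED_READERS:
            continue  # expected reader, e.g. the endpoint protection agent
        alerts.append((ev["SourceImage"], ev["TargetImage"], hex(access)))
    return alerts

if __name__ == "__main__":
    for alert in suspicious_memory_reads(SAMPLE_EVENTS):
        print("ALERT memory read of POS process:", *alert)
```
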
According to Gemini Advisory experts, the black market has long seen high demand for data on cards from South Korea. This demand could explain the growth in offers, and it could have led hackers to begin intentionally attacking targets in South Korea.
High demand also explains why scammers sell these dumps at a higher price: the researchers estimated that the median price for one card is now $40, which is significantly higher than the average price of South Korean CP data on the darknet last year (approximately $24 per card).