News

Information on a million of South Korean bank cards put up for sale on darknet

Gemini Advisory experts found that the darknet offers payment card data of more than a million South Korean users. Now country’s authorities and companies are trying to figure out exactly where the leak occurred.

According to researchers, information on 890,000 and 230,000 payment cards was put up for sale at an unnamed hacker forum in July and June of this year.

“The demand for payment card data from banks in the Asia-Pacific region has always been high. However, many of these financial institutions have less sophisticated security and protection systems, comparing with their Western colleagues, and cybercriminals realized that cards in the Asia-Pacific region much better for them in comparison to cards from North America”, – experts say.

Since the dumps contained only CP (Card Present) data, this automatically excludes the possibility that the leak occurred through software skimmers (MageCart scripts) installed in hacked online stores.

Read also: New Hexane Cyber Group Attacks Middle East Industrial Enterprises

Experts believe that attackers could collect information about more than million cards using malware installed in Point-of-Sale (PoS) systems in stores or restaurants.

Reference:

CP fraud involves collecting payment card information from in-person transactions. The most common way to do this is by installing malware into a system that has point-of-sale (POS) devices on its network. When a threat actor gains access to a system, they can install additional malware or backdoors in order to access card data. This POS malware can scrape random-access memory (RAM) to obtain card information from a device’s temporary memory before it is initially encrypted. The threat actor thus captures the desired plain text card data and can encrypt it and send it back to their own server.

According to Gemini Advisory experts, the black market has long been experiencing a high demand for data on cards from South Korea. This could serve as a reason for the growth of offers, so hackers could begin to intentionally attack targets in South Korea.

High demand also explains why scammers sell these dumps at a higher price: the researchers estimated that now the median price for one card is $ 40, which is significantly higher than the average price of South Korean CP data in darknet last year (approximately $ 24 per card).

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button