VISA recently published a security alert addressing the ongoing threat of attacks on North American fuel dispenser merchants by coordinated cybercrime groups. According to the Visa Payment Fraud Disruption, three attacks on fuel dispenser merchants were observed over the summer of 2019, each with the end goal of scraping credit and debit card data. The published alert follows a warning from November that warns that fuel merchants are becoming attractive targets due to their lack of point-to-point encryption and non-compliance with PCI DSS, among other reasons.
PFD states that unknown attackers used a phishing email that allowed them to compromise their target and infect one of the systems on the network using a Remote Acess Trojan, ultimately providing them with direct network access and the ability to obtain credentials. The last stage of the attack consisted of the threat actors deploying a RAM scraper that allowed them to exfiltrate users’ payment card data. In other incidents, PFD claims that threat actors used malicious tools traced back to the financially-motivated FIN8 group.
Read More: VISA Warns of Ongoing Cyber Attacks on Gas Pump PoS Systems