Cybercriminals are on a mission. They want to take advantage of point-of-sale (PoS) technology as much as possible before it totally switches over to chip technology. Even though the EMV card payment system came online late last year, many businesses and credit card issuers have been slow to migrate to the new PoS technology. FireEye recently identified one such group of cybercriminals, which it calls FIN6, that is stealing credit card numbers from the old PoS terminals and selling them through underground channels. Bloomberg explained:
Malware such as GRABNEW, which captures login credentials, can come as an e-mail attachment, FireEye said. FIN6 either sends that malware or pays others for the credentials.
Once FIN6 gets into a company’s network, it uses software vulnerabilities to move around and locate card numbers. One FIN6-linked case resulted in 20 million cards, mostly from the U.S., in the online shop, selling for about $21 each, Milpitas, California-based FireEye said.
Cybercrime is big business. Cybercriminals like FIN6 are out to make a profit, just like any other big business, so much so that it led Trustwave to look at the business of cybercrime. In its 2016 Trustwave Global Security Report, Trustwave took a deeper look at how cybercriminals are running malware-as-a-service operations, how they target and access data, and even how businesses are responding to cybercrime. Yes, Trustwave found, cybercriminals follow a business model. Trustwave Chief Executive Officer and President Robert J. McCullen said in a formal statement:
Cybercriminals have been congregating and organizing for years, but 2015 showed a marked increase in the behavior we would normally associate with legitimate businesses. Based on the study of numerous security incidents, exploit kits and malvertising campaigns, our 2016 Trustwave Global Security Report shows businesses how and where these sophisticated criminal organizations are most likely to attack, and more importantly, how to defend their assets.
The retail industry is the top target of cybercriminals – not surprisingly, since the report also found that the most-favored data of the bad guys comes from credit cards. In 60 percent of investigations, attackers were after payment card data, split about evenly between card track (magnetic stripe) data (31 percent of incidents), which came mainly from PoS environments, and card-not-present (CNP) data (29 percent), which mostly came from e-commerce transactions. The report also found that malvertising is on the rise.
As Lorna Garey wrote for Channel Partners, even though retail is the top target, no industry is safe because cybercrime is lucrative:
Trustwave previously demonstrated how attackers launching a malware infection campaign could earn $84,100 from a $5,900 investment in just 30 days. In some cases, they’re operating on the cloud pay-as-you-go model so popular with customers, subscribing to a service that delivers access to a steady stream of new exploits.
Criminal groups like FIN6 are running like big businesses, and it is working. Now it is up to organizations to take a similar approach to fighting cybercrime.