Over 30 Million Stolen Credit Card Records Being Sold on the Dark Web

Cybercriminals were found selling over 30 million credit card records on the dark web, purportedly from a data breach suffered by a U.S.-based gas station and convenience store chain last year.  

The sale of the data collection, advertised under the name BIGBADABOOM-III on the dark marketplace Joker’s Stash, comes in the wake of the company’s data security incident disclosure. The breach was caused by a PoS malware attack, which compromised its point-of-sale (PoS) devices and was left undetected for 10 months and was only discovered in December last year. The breach affected 860 convenience stores, of which 600 were also gas stations. The company already alerted the card-issuing institutions about the breach and the online sale.

Gemini Advisory reported that about 30 million of the card records were from more than 40 U.S. states, while around 1 million were from more than 100 different countries. Most of the U.S.-issued credit card details were collected from Florida and Pennsylvania. The internationally issued ones were traced to Latin America, Europe, and several Asian countries. The researchers surmised that they were collected while the cardholders visited the U.S. and transacted with the local gas stations.

Prices range from US$17 for U.S.-issued cards and can go up to US$210 for internationally issued cards. The Gemini Advisory team noted that, as with earlier cases, the actors behind the forum waited for media coverage of the breach before advertising the loot of card details to take advantage of the publicity and boost their credibility.

The dark web has always been a cesspool for criminals, not just for the sale of stolen data but for many other illegal activities. While it thrives in data breaches, the cybercrime underground continues to evolve as threat actors expand their nefarious skillset: Trend Micro researchers discovered that cybercriminals have also started taking interest in the internet of things (IoT) and even physical crime. In line with the financially motivated nature of most attacks, a great number of underground cyber offenders target banking institutions. It is estimated that this sector alone can lose an estimated US$100 billion to US$300 billion in a year from cyberthreats.

Security against PoS malware

The dark web is the black market for stolen data, and PoS malware act as thieves that rob credit card credentials from unsuspecting customers. This type of malware, which can infiltrate retail stores, restaurants, hotels, and other establishments that use credit card payment devices, can cost businesses their customers’ trust. To protect customer data and other information, businesses are advised to do the following:
  • Adhere to the latest PCI security standards. Besides helping companies avoid hefty fines for noncompliance, the standards help secure credit card details.
  • Install the latest patches for operating systems and applications to ensure that your system is up to date .
  • Watch out for unusual network activity such as suspicious data exfiltration.
  • Pay attention to frequent lags and glitches as they may be a sign that a piece of malware is operating in the background.
  • Check devices for physical tampering. Although this is related more to old-school skimming tactics than advanced malware, it’s still better to take extra precaution.
It is highly recommended to protect PoS devices with Endpoint Application Control. This solution secures the device through whitelisting technology, which regulates the applications the devices can access by allowing only recognized apps while prohibiting unknown ones.

Above all, it is best to take a multilayered security approach in order to protect not just the payment device but other components of the PoS system as well: the router, the web server, and the database.

Cardholders who notice their card information being used without their permission are urged to report the incident to the bank or the establishment that issued the card so the account and card use can be suspended as soon as possible.

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.