Forget the NSA. FBI Warns of Latest Credit Card Scam

New credit card scam reported by the FBI


Think before you swipe that credit card. Do you know about this latest scam reported by the FBI?

Bill Gertz reports in the Washington Free Beacon:

A recent cyber attack against a restaurant chain’s credit card system prompted the FBI to issue a warning last week that criminal hackers are using new malicious software to steal personal financial data.

An internal FBI cyber alert sent to U.S. companies Wednesday states that Bureau cyber investigators have identified software signatures used in a new point-of-sale malware called “Punkey,” after the 1980s sitcom character Punky Brewster. …

Cyber security expert Brian Krebs said he is unfamiliar with the restaurant chain mentioned in the alert.

“From my perspective, it could be any one of thousands out there that are currently compromised,” said Krebs, who runs krebsonsecurity.com.

“It’s really epidemic at this point, I’m afraid.”

Several high-profile hacks have used PoS malware in recent years, including those against the retailers Target, Home Depot, Michaels, and Neiman Marcus, and the restaurant chains P.F. Chang’s and Jimmy John’s. The Jimmy John’s hack was disclosed in September and is the most recent high-profile point-of-sale criminal cyber attack.

The malware works by scanning and “scraping” uncoded plaintext credit card data that is found in the random access memory of payment processing computers, card readers, and terminals that are used to make purchases, by sliding credit cards through a reader during payment transactions.

Criminal hackers have been able to penetrate the Internet-based networks used in the payment systems and obtain the credit card information from millions of consumers.

The stolen data is then posted for sale to others online in so-called “dark net” forums used by criminals and other hackers.

Jimmy John’s said Sept. 24 that credit and debit card data was stolen at 216 of its stores on July 30, Reuters reported.

A hacker broke into the company’s network and stole log-in credentials from a company vendor and used credentials to remotely access point-of-sale systems.

The new Punkey malware was discovered by security researchers at Trustwave, a Chicago security firm that described it in a blog post as a sophisticated cyber threat. The malware is capable of injecting itself into computers, conducting scans of systems, encrypting stolen data, and then communicating with remote servers that are used to store and retrieve stolen credit card data.

Researchers at Trustwave and the U.S. Secret Service said Punkey operates in ways similar to another PoS malware called NewPOSThings.

Punkey, however, utilizes an advanced encryption data-scrambling capability with an embedded de-coding key.

Punkey also has capabilities that allow the malware to download additional malware tools into infected systems.

Some 75 point-of-sale terminals were found to be infected by Punkey software, according to security researchers.

Trustwave’s Eric Merritt said in a blog post that the malware was named after a part of its code that spells P(ost)unkey, and thus similar to the character in the sitcom.

“While this malware shares some commonalities with [the NewPOSThings] family, it departs from the standard operating procedure of the previous versions rather dramatically,” Merritt said.

According to Merritt, Punkey comes in 32-bit and 64-bit versions that infect Microsoft Windows software used in payment terminals. The malware captures payment data as it is being processed and can also record keystrokes of employees who type in additional information during a credit card transaction.

Once the malware penetrates computers, it sets up registry startup tools that make it difficult to detect and remove the software.

By encrypting the stolen credit card numbers and other data, the cyber criminals using Punkey make it more difficult for other criminals to steal the data from them. The coding also adds to the value of the stolen credit card numbers sold later on the Internet black market. …

Merritt said a key feature is Punkey’s ability to inject additional malware from remote servers and check for updates.

“This gives Punkey the ability to run additional tools on the system, such as executing additional reconnaissance tools, or performing privilege escalation,” Merritt said. “This is a rare feature for PoS malware.”

What will you do to protect yourself and your family? Please post in the comments.

 

The Teri O'Brien Show
