One of the world’s largest payments company has a ‘security’ warning

Payment processor company Visa has issued a warning for its users regarding a Point of Sale (POS) malware attacks that have been witnessed at fuel dispenser merchants in North America. Visa Payment Fraud Disruption (PFD) has identified these attacks saying that there these merchants are an increasingly attractive target for cybercrime groups.
PFD categorises the attacks in two parts. In the first case, the attack happens through a phishing email sent to an employee. Liking every phishing email, this too includes a malicious link that, when clicked, installed a Remote Access Trojan (RAT) on the merchant’s network and granted the attackers network access. Then they obtain and utilise the credentials to move laterally into the Point of Sale environment of the merchant. PFD says that the lack of network segmentation between the Cardholder Data Environment (CDE) and corporate network enables this lateral movement. Once the attackers get access to POS environment, a Random Access Memory (RAM) scraper gets deployed on the POS system to gather payment card data.