Card Thieves Changing Tactics (Again)


As long as credit cards exist, the information found on those cards is extremely valuable. While we still see skimmers on ATMs and gas pumps, they are not being found with the same frequency that they used to be. Is that a sign that payment security has finally caught up and defeated the thieves?

No, unfortunately it hasn’t.

Credit card thieves have always adapted to security enhancements and law enforcement efforts. They have almost been able to stay one step ahead of law enforcement and that continues even today. Thieves are beginning to move away from placing physical skimmers and instead are placing virtual ones.

Researchers at IBM have found evidence that criminals are working on injecting scripts into commercial-grade Level 7 routers that can steal payment information. These kinds of attacks have been dubbed Magecart attacks, or web skimming, and they have existed before, but only at the website level.

What Are Level 7 Routers?

So what are Level 7 routers? They are the equipment that helps large networks operate, such as those in government facilities, hotels and large businesses. They can even be found providing Internet service in public spaces and malls. They work like any router, but they can also manipulate traffic at the Application Layer (Layer 7, the top level of the OSI networking model). They can act on traffic based on more than just the IP address: cookies, domain names, browsers and more.

You might have one of these in your business, or, if you have an ecommerce store, some of your traffic comes over a network that uses one. What makes this kind of attack scary is that it is very hard to detect at this point, and IBM has found these scripts in what appears to be a test run. It is unclear if any of these attacks have been detected in the wild, but IBM believes that they have.

The benefits of this kind of attack to the thieves should be obvious. A lot of people make credit card payments at malls, government facilities or other places where this equipment is used. The attack has the potential to snare a lot of information that can then be used or sold on the Dark Web. This could deal a major hit to consumer confidence, and that could affect you in a big way.

What Can Be Done To Prevent This?

While Magecart attacks are not new, this particular style is, so a countermeasure has not been developed yet. Experts recommend that customers only use a trusted network, like the one in their home or at work, to purchase anything online. Targeting a home router produces little payoff, so chances are it will not be attacked; the reward is not worth the effort. They also recommend that customers use a virtual card for online shopping, where users get a one-time number for online transactions. These numbers are used for one transaction only and become useless to thieves after use.

For you, the merchant, the only thing that you can do is to make your system as secure as possible. Make sure updates are applied to everything from your computer systems to your routers. You may not have a Level 7 router, but you might. Don’t forget to change any default usernames and passwords as well. Make the thieves work, because they generally move on to another target when one proves to be too difficult.
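A monitoring check that fits alongside these hardening steps, added here as an example (it is not from the original post or from IBM's research): it compares the script tags in a checkout page as you published it with a copy captured on another network, and reports script hosts and inline scripts that were not in the published version. The function names, sample pages and hostname are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):
    """Collects external script hosts and SHA-256 hashes of inline scripts."""
    def __init__(self):
        super().__init__()
        self.hosts = set()
        self.inline_hashes = set()
        self._inline = None  # text buffer while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.hosts.add(urlparse(src).hostname or "(same-origin)")  # relative URL: no host
        else:
            self._inline = []

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).strip()
            self.inline_hashes.add(hashlib.sha256(body.encode()).hexdigest())
            self._inline = None

def collect(html):
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser.hosts, parser.inline_hashes

def unexpected_scripts(published_html, received_html):
    """Return (new script hosts, number of new inline scripts) in the received copy."""
    base_hosts, base_inline = collect(published_html)
    seen_hosts, seen_inline = collect(received_html)
    return sorted(seen_hosts - base_hosts), len(seen_inline - base_inline)

# Constructed sample pages; the hostname is a placeholder.
PUBLISHED = '<html><script src="/js/cart.js"></script><script>initCart();</script></html>'
RECEIVED = ('<html><script src="/js/cart.js"></script><script>initCart();</script>'
            '<script src="https://cdn.injected.example/s.js"></script>'
            '<script>var extra = 1;</script></html>')
print(unexpected_scripts(PUBLISHED, RECEIVED))
```

Any non-empty result means the received copy carries script the merchant did not publish and should be investigated.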

Much of this is also the basis of PCI Compliance. PCI Compliance checks a lot of boxes and requires you to do a lot of things, but there is a reason for it. Part of that reason is to make these kinds of attacks, and other new kinds, more difficult.