Minerva Studio - stock.adobe.com
Raw data of thousands of payment cards issued by Singapore banks stolen by the online equivalent of a traditional card sniffer
The payment card information belonging to thousands of customers of Singapore banks was believed to have been compromised by a type of web-based malware and put up for sale on the dark web, according to Singapore-based cyber security company Group-IB.
During their analysis of underground card shops, Group-IB’s threat hunting team discovered a spike in the sale of raw data of 4,166 compromised payment cards – including CVV, card number and expiration date – issued by Singapore banks.
Group-IB said the data was uploaded in April 2019, and that the spike took place on 1 April when a database containing data on 1,726 compromised cards was put up. The mean figure from January to August 2019 was 2,379 cards per month.
The malware can infect websites powered by different content management systems and is hard to uncover using traditional signature-based detection methods, making it even more dangerous, said Group-IB.
In the first eight months of 2019, Group-IB experts found data on 26,102 compromised payment cards issued by Singapore banks that were put up for sale on dark web card shops. The total underground market value of this data is estimated at nearly $1.8m.
Nevertheless, Group-IB said Singapore offers a higher level of protection compared to other countries in Asia-Pacific, thanks to security measures mandated by Singaporean authorities, such as the use of one-time passwords for online transactions, as well as EMV chip cards.
Read more about cyber security in APAC
- A Russian-speaking APT group has extended its reach into Asia-Pacific, taking off with millions of dollars of stolen funds from banks in the region.
- A renowned ethical hacker in Malaysia has called for more nations to support the Paris Call for Trust and Security in Cyberspace to counter the threat of cyber warfare.
- A team of University of Melbourne researchers has been able to re-identify individuals from a public transport dataset, raising serious privacy, safety and security issues.
- While Australian businesses should avoid going into checkbox compliance mode, the constant flux of regulations on cyber security and privacy has led to calls for more legislative coherence from regulators.