In this week's recap, a recently discovered hacking group is rolling back ATM transactions to dupe banks, the White House seeks its first CISO, additional details are revealed in the DHS & FBI hack, a new survey reveals the dark future many businesses have resigned themselves to regarding breaches, and the Rippleshot team covers the increase in gas pump skimming.
A newly discovered group called Metel is targeting financial institutions’ support systems, and gaining access to machines that have access to transactions in order automate the rollback of ATM transactions. This clever scheme helps them cover their tracks and patterns of fraudulent transactions, since the rollbacks ensure debit card balances remain the same, regardless of how many ATM withdrawals have taken place.
On Tuesday, the White House announced that it is looking to hire its first ever Chief Information Security Officer. As The Guardian notes, the government already has a number of groups in charge of preventing hackers from accessing government files, whether it’s the special assistant to the president for cybersecurity, the DHS’s deputy undersecretary of homeland security, or the NSA. Officials say the CISO will however, be exclusively in charge of the government’s “cyber-hygiene.”
A hacker on Sunday and Monday published the names, titles, phone numbers and email addresses of thousands of FBI and Department of Homeland Security employees. In the interview with Vice, the hacker claimed he had access to 1TB of data, some including military emails and credit card numbers, though he only downloaded around 200GB of files.
In a recent report by NTT Com Security, two-thirds of the 1000 business decision makers surveyed felt that suffering a breach was inevitable in the future, regardless of how secure they believed their data to be. They also cited an estimated minimum recovery cost of at least $1 million.
We’ve long covered the issues with gas pump skimmers, and have consistently seen automated fuel dispensers (MCC 5542) show up in the most compromised merchant categories. But this history, combined with the extended deadline for gas stations to become EMV compliant, has led to them being an even bigger and easier target for hackers - especially for repeat incidents. Read more here.
Get our weekly recaps in your inbox as soon as they're published by signing up below: