Security News
An international law enforcement operation has seized the cryptocurrency mixing service 'ChipMixer' which is said to be used by hackers, ransomware gangs, and scammers to launder their proceeds. ChipMixer has been one of the largest cryptocurrency mixing platforms operating on the dark web since 2017, allowing users to convert their money into untraceable "Chips," which are then cashed out on "Clean" cryptocurrency addresses that can be converted to FIAT money.
Kaspersky discovered two new Prilex variants in early 2022 and found a third in November that can target NFC-enabled credit cards and block contactless transactions, forcing payers over to the less-secure PIN machines. "Contactless credit cards offer a convenient and secure way to make payments without the need to physically insert or swipe the card," the researchers wrote.
The Brazilian threat actors behind an advanced and modular point-of-sale malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions. Having evolved out of ATM-focused malware into PoS malware over the years since going operational in 2014, the threat actor steadily incorporated new features that are designed to facilitate credit card fraud, including a technique called GHOST transactions.
New versions of the Prilex point-of-sale malware can block secure, NFC-enabled contactless credit card transactions, forcing consumers to insert credit cards that are then stolen by the malware. On a payment terminal, contactless transactions use NFC chips embedded in credit cards and mobile devices to conduct close-proximity payments via credit cards, smartphones, or even smartwatches.
Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before. As always, we have to caveat these findings by noting that the true totals are much higher, as there are cryptocurrency addresses controlled by ransomware attackers that have yet to be identified on the blockchain and incorporated into our data.
In 2023, companies will need to have a firm understanding of secure payment methods and be ready to pivot as the legislation landscape evolves in the next 12 months. Emergence of Omnichannel payments within the contact center: By implementing an omnichannel contact center payment strategy, companies can personalize the customer experience, allowing consumers to pay via multiple channels using multi-payment methods.
The PCI Security Standards Council published a new standard designed to support the evolution of mobile payment acceptance solutions. PCI Mobile Payments on COTS builds on the existing PCI Software-based PIN Entry on COTS and PCI Contactless Payments on COTS Standards, which individually address security requirements for solutions that enable merchants to accept cardholder PINs or contactless payments using a smartphone or other commercial off-the-shelf mobile device.
E-commerce fraud is expected to cost merchants in excess of US$48 billion globally in 2023, up from over $41 billion in 2022 according to Juniper Research. It predicted that this growth will be accelerated by increasing use of alternative payment methods, such as digital wallets and BNPL, which are creating new fraud risks.
The FBI warns that tech support scammers are now impersonating financial institutions' refund payment portals to harvest victims' sensitive information and add legitimacy. "Within the body of the email, the scammers will indicate the specific service to be renewed with a price commonly in the range of $300 to $500 USD, provoking a sense of urgency in the victims to contact them and provide information for a refund," the FBI said.
The cybercrime gang's business email compromise campaign is targeting marks in the US, Europe, Australia, and the Middle East using blind third-party impersonation tactics, via email addresses hosted on domains that closely resemble the firms' real domains, and sending emails that include the actual address and VAT number of the impersonated companies. The emails look real and if the targets were to search Google for the lawyers' or law firms' names, they would seem legitimate.