recommended reading

Threatwatch

South African banks roiled by hacked KFC credit card terminals

Credential-stealing malware; Payment device infection

Sales devices corrupted by malicious software at fast food outlets have cost financial institutions tens of millions of rand, resulting in one of the country’s worst breaches of customer card data.

KFC was particularly hard hit by the malware, called Dexter. The breach affected most of South Africa’s card-issuing banks.

The infection came from overseas, possibly involving a crime syndicate based somewhere in Europe, Payments Association of South Africa CEO Walter Volker said. The South African Police Service, Interpol and Europol are all involved in an investigation to bring the syndicate or syndicates responsible to justice.

Banks noticed unusual levels of suspected fraud at certain fast-food restaurants earlier this year.

“It took quite a while to get to the bottom of [this incident], because it was not the standard Dexter malware, which has been around for a while, and which many antivirus software programs can pick up,” Volker said. “This one was a variant that was changed to [avoid detection] by the antivirus software.”

When account holders presented their cards to be swiped, malware hidden in the infected terminals read the card numbers and sent this information to a syndicate.

Card numbers filched by the Dexter variant already have been used to make in-store purchases in the United States. “This has led to arrests,” Tech Central reports.

The hackers did not copy the “card verification value” security numbers on the backs of the cards, so criminals are not able to use the cards to shop online.

Volker assured that “all the fast-food retailers have been cleaned out as far as possible...We’re still looking at some sites that are questionable, but they are a very small minority. I don’t think there’s any need for panic or concern at this stage and certainly no one will be out of pocket [as the banks will honor losses].”

He added that it’s “very difficult” to estimate how many cards have been compromised, but it’s “certainly not in the millions.”

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.

sector

Financial Services; Food and Beverage

reported

October 15, 2013

reported by

Tech Central

number affected

Unknown

location of breach

South Africa

perpetrators

Criminals

location of perpetrators

Europe

date breach occurred

Unknown

date breach detected

2013

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.