Massive Leak in Restaurant Chain
Four popular restaurants in the East and Midwest had their customers’ payment card information stolen. Three of those four restaurants are owned by the same parent company, Focus Brands.
The stolen cards were sold on Joker’s Stash, a Dark Web destination that trades payment-card data. Joker’s Stash might sound like something out of a comic book, but it’s very real and very dangerous.
What is Joker’s Stash?
Joker’s Stash is the biggest and most reputable Dark Web marketplace out there and periodically features a fresh list of payment card information available. As a result, it quickly became an expensive site featuring card information from high-value targets like restaurants and even government officials.
The website has listed stolen card information from places like Sonic Drive-In, the supermarket chain Hy-Vee and others.
Cybercriminals who buy this information usually use the data to clone the real cards and withdraw the money from ATMs. What’s more, in 2015, the dark web card shop added a section offering Social Security numbers as well. This isn’t just a problem for people in the U.S. Cybercriminals target whoever they can, wherever they can, not just restaurants.
1.3 Million Stolen Cards For Sale
In late October of 2019, 1.3 million Indian payment cards were put up for sale on Joker’s Stash at $100. This is evidence that there is a demand for websites like Joker’s Stash.
Group-IB, a cybersecurity firm in Singapore, was the first to find the stolen data. After analyzing the cards on the site, it said over 98 percent of the cards were issued by Indian banks. Only about 1 percent of the cards were stolen from Colombian banks.
Researchers consider the India card dump the third largest of 2019 in terms of size. However, this isn’t typical for this type of dump. Usually, the cards are released in small quantities, over a longer period of time. Experts say that a data dump of this size suggests the criminals wanted to make a profit from as many cards as possible before banks and cardholders realized the fraud had taken place.
Although how the data was stolen remains unknown, it’s likely that it was obtained through a Point-of-Sale (POS) data breach.
Point-of-Sale Data Breaches
Point-of-Sale (POS) data breaches occur when cybercriminals install malicious software on a business’s card-processing system. The malware is designed to copy data stored on a payment card’s magnetic stripe when it’s swiped at an infected payment terminal.
How Does Joker’s Stash Work?
Unfortunately, Joker’s Stash operates using Blockchain DNS, a blockchain system that lets website visitors avoid surveillance, intervention and censorship from governments and ISPs. In other words, Joker’s Stash uses a decentralized system that helps the site stay active if someone attempts to take it down.
The good news is that fraud teams can use Joker’s Stash to understand what card data is made available and when. As a result, they’re able to determine the common point of purchase of affected cards. Flashpoint, a business risk intelligence specialist, published an analysis that explains how this is the most reliable method of identifying the source of a breach.
All of this is to say that POS data breaches are a problem for businesses if customers are afraid their card information isn’t safe.
The fraud intelligence company Gemini Advisory said that, out of the almost 2,000 locations that belonged to the restaurants, close to 50% were breached, according to an article by Insurance Business America.
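The common-point-of-purchase analysis described above, as an added example that is not from the original article or from Flashpoint's report: it ranks merchants by how much more often cards from a dump shopped there than comparable cards that were not in the dump. The card tokens, merchant names, control group, date window and 0.8 threshold are all constructed assumptions.

```python
from collections import Counter
from datetime import date as D

def merchant_share(cards, history, start, end):
    """Fraction of `cards` with at least one purchase at each merchant in [start, end]."""
    seen = Counter()
    for card in cards:
        # A set, so a card counts once per merchant however often it was used there.
        seen.update({m for m, d in history.get(card, []) if start <= d <= end})
    return {m: n / len(cards) for m, n in seen.items()} if cards else {}

def rank_cpp(compromised, control, history, start, end, min_share=0.8):
    """Return (merchant, share, lift) sorted by lift, where lift is the share among
    compromised cards minus the share among control cards. A merchant everyone
    uses has a high share but low lift, so it does not mask the breached one."""
    hit = merchant_share(compromised, history, start, end)
    base = merchant_share(control, history, start, end)
    ranked = [(m, round(s, 2), round(s - base.get(m, 0.0), 2))
              for m, s in hit.items() if s >= min_share]
    return sorted(ranked, key=lambda r: (-r[2], r[0]))

# Constructed sample data: tokenized card ids and hypothetical merchants.
HISTORY = {
    "tok_a": [("Diner #12", D(2019, 8, 3)), ("GroceryCo", D(2019, 8, 5))],
    "tok_b": [("Diner #12", D(2019, 8, 9)), ("GroceryCo", D(2019, 8, 10)),
              ("FuelStop", D(2019, 8, 11))],
    "tok_c": [("Diner #12", D(2019, 8, 20)), ("GroceryCo", D(2019, 8, 21))],
    "tok_d": [("GroceryCo", D(2019, 8, 2)), ("Diner #12", D(2019, 6, 1))],  # diner visit is outside the window
    "tok_e": [("GroceryCo", D(2019, 8, 15)), ("FuelStop", D(2019, 8, 16))],
    "tok_f": [("GroceryCo", D(2019, 8, 7))],
    "tok_g": [("BookShop", D(2019, 8, 7))],
}
COMPROMISED = ["tok_a", "tok_b", "tok_c"]          # cards observed in the dump
CONTROL = ["tok_d", "tok_e", "tok_f", "tok_g"]     # same issuer, not in the dump
WINDOW = (D(2019, 7, 1), D(2019, 9, 30))           # suspected exposure period

if __name__ == "__main__":
    for merchant, share, lift in rank_cpp(COMPROMISED, CONTROL, HISTORY, *WINDOW):
        print(f"{merchant:12} share={share:.2f} lift={lift:+.2f}")
```

Both merchants were visited by every compromised card, but only the diner is absent from the control group's in-window history, which is why lift rather than raw share decides the ranking.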
There is No Safety in Numbers
As we’ve seen, breaches can affect not only retailers and restaurant chains but financial institutions as well. It could have been a bank in the U.S., not India, breached by cybercriminals. Capital One was breached in March, exposing more than 14,000 Social Security numbers and 80,000 bank account numbers.
This information could have been dumped into the Joker’s Stash website and sold for a few hundred dollars just as easily as with the Indian banks. The Department of Justice arrested a Seattle tech worker, Paige A. Thompson, for the fraud. She claimed she didn’t do it for the money, but she could have made millions of dollars through sites like Joker’s Stash.
Cybercrimes cost banks more than $1 trillion a year. That’s mainly due to financial institutions failing to comply with regulations, like FINRA and SOX, creating compliance risks. However, as regulations change with technology, criminals adapt and develop newer ways to exploit regulations.
Breaches Will Get Worse
Banks are usually secure against external threats, but the biggest threats are internal. That is, careless employees. Financial institutions are finally getting around to training their employees, but that might not be enough. Implementing a strong cybersecurity plan is key in a world lurking with criminals ready to leverage any vulnerability a firm might have.
Dark web card sites like Joker’s Stash are growing more popular and profitable. If these breaches have shown anything, it’s that Joker’s Stash isn’t going away. The best chance businesses have is to adapt. That said, cloud security and multi-factor authentication are making it easier to do so.