Massive Leak in Restaurant Chain
Four popular restaurant diners in in the east and Midwest had their customers’ payment card information stolen. Focus Brand is the parent company of three of those four restaurants.
The stolen cards were sold on the Joker’s Stash, a Dark Web destination that trades payment-card data. Joker’s stash might sound like something out of a comic book, but it’s very real and very dangerous.
What is Joker’s Stash?
Joker’s Stash is the biggest and most reputable Dark Web marketplace out there and periodically features a fresh list of payment card information available. As a result, it quickly became an expensive site featuring card information from high-value targets like restaurants and even government officials.
The website has stolen card information from places like Sonic Drive-In, the supermarket chain Hy-Vee and others.
Cyber-criminals who buy this information usually use the data to clone the real cards and withdraw the money from ATM’s. What’s more, in 2015, the dark web card shop added a section offering social security numbers for sale as well. This isn’t just a problem for people in the U.S. Cybercriminals target whoever they can, wherever they can, not just restaurants.
1.3 Million Stolen Cards For Sale
In late October of 2019, 1.3 million Indian payment cards were put on Joker’s stash for sale at $100. This is evidence that there is a demand for websites like Joker’s stash.
Group-IB, a cybersecurity firm in Singapore was the first to find the stolen data. Experts analyzed the cards and concluded Indian banks had issued 98 percent of the cards. Only about 1 percent of the cards were stolen from Colombian banks.
Researchers consider the India card dump the third largest in 2019. However, this isn’t typical for this type of dump. Usually, the cards are released in small quantities, over a longer period of time. Experts say that a data dump of this size suggests the criminals wanted to make a profit from as many cards as possible before banks and cardholders realized the fraud had taken place.
The information was likely stolen through a Point-of-Sale Data breach (POS), though it is still unclear.
Point-of-Sale Data Breaches
Point-of-Sale data breaches (POS) and occur when cybercriminals install malicious software on a business’s card-processing system.When a customer swipes a payment card at an infected payment terminal, the malware duplicates the data stored on the card.
How Does Joker’s Stash Work?
Unfortunately, Joker’s stash operates using Blockchain DNS, a blockchain system that lets website visitors avoid surveillance intervention and censorship from governments and ISP’s. In other words, Joker’s Stash uses a decentralized system that helps the site stay active if someone attempts to take it down.
Fortunately, Fraud teams can use Joker’s Stash to understand what card data is available and when. As a result, they’re able to determine the common point of purchase of affected cards. A report by Flashpoint, a business risk intelligence specialist, published an analysis that explains how this is the most reliable method of identifying the source of a breach.
All of this to say that POS data breaches are a problem for businesses if customers are afraid their card information isn’t safe.
The fraud intelligence company, Gemini Advisory, said out of the almost 2,000 locations that belonged to the restaurants, close to 50% were breached, according to an article by Insurance Business America.
There is No Safety in Numbers
As we’ve seen, breaches can affect not only retailers and restaurant chains but financial institutions as well. Cybercriminals could have just as easily breached a bank in the U.S., rather than India. The Capital One breach in March exposed 14,000 Social Security numbers and 80,000 bank accounts.l
This information could have been dumped into the Joker’s Stash website and sold for a few hundred dollars just as easily as with the Indian banks. The Department of Justice arrest a Seattle Tech worker, Pagie A. Thompson, for the fraud. She claimed she didn’t do it for the money, but she could have made millions of dollars through sites like Joker’s Stash.
Cybercrimes cost banks more than $1 trillion dollars a year. That’s mainly due to financial institutions failing to comply with regulations, like FIRNA and SOX, creating compliance risks. However, as regulations change with technology, criminals adapt and develop newer ways to exploit regulations.
Breaches Will Get Worse
Banks are usually secure against external threats, but the biggest threats are internal. That is, careless employees. Financial institutions are finally getting around to training their employees, but that might not be enough. Implementing a strong cybersecurity plan is key in a world lurking with criminals ready to leverage any vulnerability a firm might have.
Dark web card sites like Joker’s Stash make are growing more popular and profitable. If these breaches have shown anything it’s that Joker’s Stash isn’t going away. The best chance businesses have is to adapt. That said, cloud security and multi factored authentication are making easier to do so.