FIN6 Cyber-Hacking Group Attacking PoS Systems, IBM Reveals

Today’s topics include IBM identifying ongoing FIN6 attacks against point-of-sale targets, and Google claiming its MasterCard deal does not violate privacy rights.

According to a report released Sept. 5 by IBM's X-Force Incident Response and Intelligence Services, the FIN6 cyber-hacking group has been using FrameworkPOS and GratefulPOS malware to steal “massive” amounts of payment card data from point-of-sale systems throughout 2017 and into 2018.

Sean Cavanaugh, senior incident response analyst at IBM X-Force IRIS, said that "[d]uring at least one IBM X-Force IRIS investigation, [IBM] recovered several million unique credit card numbers from a compromised server the attackers staged data on."

In addition to FrameworkPOS and GratefulPOS, FIN6 is using the open-source Metasploit penetration testing framework as part of its exploit chain.

Google is downplaying privacy concerns surrounding its Store Sales Measurement tool, which uses data from MasterCard to let advertisers know how well their online ads are doing in driving sales in physical stores.

Google’s relationship with MasterCard was not publicly known until last week when Bloomberg published an investigative report Aug. 30 disclosing how the two companies had reached a secret deal after four years of discussions. The arrangement gives Google access to certain data on purchases that consumers have made using MasterCard branded credit and debit cards in the U.S.

However, Google does not collect or have access to personal information from credit and debit card data, and does not have any insight into purchases made at physical store locations. Google only learns of the aggregate value of purchases related to a specific product over multiple purchases and also ensures that all of the data that it receives from MasterCard and other third parties is encrypted so it cannot identify individuals who make purchases.