Pierluigi Paganini August 02, 2019

Data belonging to more than one million payment cards from South Korea surfaced in the dark web over the past two months.

Experts noticed a spike in the number of stolen payment card details belonging to users from South Korea over the past two months. Card details from over one million payments cards from South Korea was offered for sale on the Dark Web.

The number of stolen payment card records passed from 42,000 in May up to 230,000 in June, in July other 890,000 records were available for sale.

According to Gemini Advisory that monitors card-related activities on cybercrime underground, in 2019 the demand increased for stolen credit card details from South Korea increased even if the supply did not change.

This means that the average prices for a card increased, in 2018 the average price for South Korean card-present records was $24, in 2019 the prices grew up to $40.

“While the entire Asia Pacific (APAC) region is experiencing a noticeable uptick in attacks against brick-and-mortar and e-commerce businesses, South Korea has emerged as the largest victim of Card Present (CP) data theft by a wide margin.” reads the advisory published by Gemini Advisory.

“Gemini Advisory observed a spike in South Korean-issued CP records that currently consists of over 1 million records posted for sale in the dark web since May 29, 2019.”

At the time of writing, it is still unknown the source of payment card records, but experts believe that data were stolen though physical skimming at several stores in the country.

Cybercriminals may have obtained the card records by infecting Point-of-Sale (PoS) systems with malware at physical locations, such as stores or restaurants, or the huge trove of data could be the result of a breach at a bank or a payment provider.

“As the global trend towards increasingly targeting non-Western countries continues, Gemini Advisory assesses with a moderate degree of confidence that both the supply and demand for South Korean-issued CP records in the dark web will likely increase.” continues the post.

Experts noticed that 3.7% of the compromised South Korean records were from US-issued cards.

“One of the most affected US financial institutions was a credit union that primarily serves the US Air Force; the Air Force maintains multiple air bases in South Korea.” continues Gemini Advisory

The analysis of stolen payment card records revealed that many of them belonged to US citizens that made purchases or paid services in South Korea.

As the Western organizations continue to spend a significant effort in improving cybersecurity, crooks are targeted victims in other countries like Pakistan, India and South Korea.

“Indian-issued payment cards have recently surpassed those of the United Kingdom to become the second-most targeted cards in the world in 2019. Even smaller economies, such as Pakistan, have seen massive breaches in recent years, such as 2019’s breach of Meezan Bank Ltd.” concludes the report. “South Korea’s high CP fraud rates indicate a weakness in the country’s payment security that fraudsters are motivated to exploit. As this global trend towards increasingly targeting non-Western countries , Gemini Advisory assesses with a moderate degree of confidence that both the supply and demand for South Korean-issued CP records in the dark web will likely increase.”

Pierluigi Paganini

(SecurityAffairs – stolen payment card records, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]