Tom Clancy's Ghost Recon: Wildlands Ghost Edition Includes: Tom Clancy's Ghost Recon: Wildlands Gold Edition; 12 inch Nomad Statue: At a foot tall, this highly-detailed statue features a game-accurate replica of Nomad - Ghost team leader and weapons specialist.
According to analysis from two separate security providers, hackers targeting have appropriated unauthorized versions of the powerful scanning tool Card Recon developed by Ground Labs, a commercial DLP product used by merchants for PCI compliance, which seeks out payment card data stored in the recesses of networks.
Much like with other tools such as Metasploit and SHODAN, Card Recon was developed to assist security teams in their efforts to better secure systems and sensitive data, but such tools can also be misappropriated by criminal hackers with nefarious intents, and the analysis of POS attacks confirms that Card Recon has been added to the assailant’s toolkit.
“The attack kit also contains two cracked copies of Card Recon, a legitimate application designed to find credit card data across a wide variety of systems. Ground Labs lists them as ‘workstations, file servers, NAS and SAN devices, Exchange, Gmail, Lotus Notes, Oracle, Amazon AWS Cloud and more'” a report Arbor Networks stated.
“Card Recon looks to be a useful tool when wielded by an auditor or security staff, but is clearly dangerous in the wrong hands. The presence of an audit tool like Card Recon where it is not expected is a clear sign of trouble, as it shows that attackers are after card data anywhere that it can be found.”
Numaan Huq, security researcher for Trend Micro, independently confirmed that Card Recon was being employed in POS attacks, and noted that the attackers may be using it to validate the card data they exfiltrate.
“While researching POS RAM scraper malware, I came across an interesting sample: a RAR archive that contained a development version of a POS RAM Scraper malware and a cracked copy of Ground Labs’ Card Recon software. It looks like the criminal gangs are using the RAM scrapers to dump memory, and (ironically) using DLP to find the cards,” Huq wrote.
“Bad guys using a commercial DLP solution wasn’t that surprising, but it got me thinking: why validate? Aren’t the regexes used to collect the data enough? The short answer is the criminals need to check and validate the data they have stolen, which they then sell in the underground carder marketplace,” Huq continued. “Selling bad data will damage their reputation and might even have nastier repercussions than merely losing credibility.
Card Recon requires a license to prevent it from being used without authorization, but access to the software’s executables can not be prevented if the target is a customer who has already deployed it.
“This is the unfortunate reality for all software vendors: It is common for criminals to acquire a copy of commercial software via unauthorized means and then reverse engineer that software to circumvent the licensing mechanisms that are designed to prevent its unauthorized use,” said Ground Labs’ Stephen Cavey.
When retail company Target was targeted by cybercriminals in December of last year through point of sale service attacks, there was growing anxiety over the security layer being put on customer data of other retail stores.
But a recent revelation of how a software tool used to search for payment card data stored in POS has been leaked to the hacking community might just aggravate the worries of netizens.
Pirated copies of the Card Recon has been stolen by cyber criminals. Ground Labs developed the software tool to help auditors conduct review of networks for information about sales payments from customers and consumers. That will help companies fulfill the requirements mandated by the Payment Card Industry’s Data Security Standard for protecting payment card data.
Stolen versions of Card Recon have been incorporated as an essential component of malware programs designed to target POS terminals such as cash registers and ATMs, showing the dichotomy of its purpose, namely for auditing and for cyber crime if used by attackers.
For its intended use, the Card Recon is designed to locate card details in the almost untapped corners of an organization’s network and consolidate the resulting information into a report for enterprises to secure the data.
It is also built to strictly enforce a genuine copy of the software to be the only version that will be permitted to function. So a pirated copy is out of question whether it could be possibly used also. However, that strict requirement ends when a genuine user starts getting his or her hands on the tool, which means restrictions to that copy that he or she has purchased with a license fee are lifted and attackers can have the chance to manipulate the software for their own malicious purposes.
Well, that is already the norm in today’s technology landscape, that when someone purchases a legit copy of a certain software product, hackers are quick to gain access to that copy using illegal methods and tweak the product in order to disable the license restrictions of the software.
How does Card Recon work in POS terminals? It scans 16-digit numbers and isolate those figures from the credit card numbers. There is a malware called Huq, which experts spotted in the wild that cyber criminals are using to detect cards according to their labels – Discover, Visa and MasterCard.
The only best possible option to stop the Card Recon manipulation is to delete personally identifiable and sensitive information from POS terminals.