KARACHI: At least three Pakistani banks were pounced with yet another cyber attack after a gap of almost three weeks as data of over 150,000 plastic cards were put on sale on the dark net on November 13, The News learnt on Friday.
A Moscow-based anti-fraud firm the Group IB detected an abnormal spike in Pakistani banks’ data offered for sale on one of the card shops as a new set of dumps – technical epithet for card data – was uploaded to Jokerstash card shop, a secretive hub of stolen card data.
“There were 150,632 dumps of Pakistani banks,” the information security firm said in a statement. “The banks affected by this breach included major Pakistani financial organizations such as Habib Bank, MCB Bank Limited, Allied Bank Limited and many others.”
A central bank’s spokesman declined to comment on the latest whistle blow.
Group-IB said Habib Bank “was affected most by the breach. Roughly 20 percent of cards in the uploaded database was issued by this bank”.
The cyber theft didn’t just affect the Pakistani banks alone as some other international banks’ data were also compromised by the hacking attempts.
The Group-IB said more than 16,000 cards of other regional banks and over 11,000 card data of banks with unrecognised geography were also dumped on the hub. It didn’t mention the currency unit of the amount to clarify how much the latest breach would cost, but it said the “total amount of dumps that went on sale on Nov. 13 was amounted to 177,878”.
The Group-IB official said it is very rare that Pakistani banks’ cards come on sale on the dark net card shops. “In the past six months it was the only big sale of Pakistani banks’ data.”
Last month, the Group IB also pointed at nine banks including BankIslami, Habib Bank, JS Bank, Faysal Bank, Soneri Bank, Bank of Punjab, Bank Alfalah, Silkbank, and MCB Bank whose data was compromised. But, the Pakistani banks said their data was safe and not vulnerable to cybercrime.
BankIslami accepted Rs2.6 million of its consumers were siphoned off and later they credited the amount into the bank accounts.
The Group IB said there were no card dumps of BankIslami up for sale this time around.
The information security firm said the file was initially put on sale under the name “PAKISTAN-WORLD-EU-MIX-03 (fresh skimmeD EU base): PAKISTAN/WORLD/EU TR1+TR2, uploaded (on November 13)”. The file was with non-refundable base.
“Slightly later the name of the database with dumps was changed to «PAKISTAN-WORLD-EU-MIX-03 (fresh skimmeD EU base): PAKISTAN/WORLD/EU TR1+TR2,” uploaded on the same date. The time for refunds was three hours.
“Presumably, originally the seller didn’t want to allow refunding purchased cards, but he later decided to give its potential buyers sometime to test the reliability and value of data on sale,” the Group-IB said.
Dmitry Shestakov, head of Group-IB Cybercrime research unit said card dumps are usually obtained by using skimming devices and through Trojans infecting workstations connected to point of sale terminals.
“What is interesting about this particular leak is that the database that went on sale hadn’t been announced prior either in the news, on card shop or even on forums on the dark net,” Shestakov said.
“The market value of this database is estimated at $19.9 million. The sale price for these card dumps ranges from $17 to $160.” The information security firm said the previous breach might have caused the compromise of BankIslami account holders that took place on October 27. “The set of dumps was valued at $1.1 million with sale price ranging from $35 to $150.”
The Group-IB said on an average 1.8 million dumps were uploaded to card shops monthly from June 2017 to August 2018. “Card dumps account for 62 percent of total sets of card data sold, which means that POS Trojans represent the major method of compromising credit cards and might have caused this particular leak,” it said in another report.
The central bank has directed banks to upgrade their systems to meet any cyber attack challenge in future. Banks are required to inform SBP and peer banks of any imminent threat that comes to their knowledge and SBP will take all possible actions to safeguard the banking system.
Banks took various measures to improve shield of their IT systems against any cyber attack following the central bank’s instructions. Last month, they also temporarily stopped debit cards of their customers for international cash withdrawal.