It was two years ago around this time of year, as millions of people were shopping for Christmas and Hanukkah presents, when the retailer Target suffered one of the largest hacks in history. The private information of about 100 million people was comprised by hackers.
Target paid tens of millions of dollars to solve the problem, and to pay some victims back. That massive hack spurred numerous improvements in security, including the slow rollout of more secure EMV credit cards.
Yet, hackers are still stealing credit card information. There's a new attack underway called Black Atlas that affects small and medium-sized businesses, notably ones using weak passwords to protect their networks. The hackers are penetrating their point-of-sale systems.
POSs are the machines were you swipe your credit card or debit card. The hackers are using a variety of methods to steal your payment card details, including password-guessing tools, port scanners, remote desktop viewers and other methods.
Once in, they install malware onto the POS and use memory scraping malware to scan the system for your payment card information. They're using several types of malware, including NewPOSThings, Alina and BlackPOS, which was used in the Target hack.
They're combining that with botnets Gorynych and Diamond Fox to infect the point-of-sale systems. With a botnet, hackers use a Trojan virus to attack a network of computers.
They infect all the devices with malware. In this case, to steal your credit card information.
It's incredibly important to protect yourself as you're shopping this holiday season. For starters, use an EMV payment card, if you've got one.