Details for 1.3 million Indian Payment Cards Put Up for Sale on Joker’s Stash (Oct 29, 2019)
Security researchers from Group-IB recently discovered that more than 1.3 million payment card details were put up for sale on one of the largest underground card selling shops, Joker’s Stash. It is believed from initial analysis that the card details were taken using skimming devices planted on ATMs or Point-of-Sale (POS) systems. There was no specific bank targeted due to the variety of cards being put for sale coming from multiple banks. Group-IB discovered that India made up 98% of all the credit card dumps, with Colombia banks being involved in 1% of the dump.
Recommendation: Customer-facing companies that store credit card data must actively defend against Point-of-Sale (POS) threats and stay on top of industry compliance requirements and regulations. All POS networks should be aggressively monitored for these types of threats. In the case of infection, the affected networks should be repopulated. Furthermore, customers should be notified as soon as possible and potentially offer fraud protection to avoid negative media coverage and reputation.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.