The Dexter malware has struck again. This time, South African banks have suffered an estimated tens of millions of rand in losses due to a major breach of customer card data by criminal syndicates that infected electronic POS devices.
It’s not known exactly how many devices were infected by the malware, but the problem is
Dexter malware hits SA banks
believed to have been widespread in the fast-food industry. It’s understood from a source with knowledge of the situation that KFC has been hit particularly hard by the infection.
The South African Police Service (SAPS), Interpol and Europol are all involved in a multinational investigation to bring the syndicate or syndicates responsible for the data breach to justice. South Africa’s banking risk intelligence centre, Sabric, is managing the forensic investigation and working with the SAPS, where a case docket has been opened. No South African suspects have been arrested so far.
Payments Association of South Africa CEO Walter Volker confirmed in an interview with TechCentral that the breach, which affects most of South Africa’s card-issuing banks, is significant – running into tens of millions of rand – and is at least on a par with an incident last year involving payments company PayGate, in which thousands of cards were compromised. The Dexter incident, however, affects a “broader environment”, Volker says.
South Africa’s banks first noticed “unusual levels of suspected fraud” starting to occur at “certain fast-food outlets” earlier this year, Volker explains. “This highlighted reasons for concern, although the numbers were still low.”
However, a forensics company was appointed to begin analysing “some of these incidents”. An incident response committee was created, consisting of all the affected, card-issuing banks, as well as global payments companies Visa and MasterCard. The committee has worked “through 99% of the issues” and is now in the process of “cleaning up and keeping a list of possible new incidents”.
“It took quite a while to get to the bottom of [this incident], because it was not the standard Dexter malware, which has been around for a while, and which many antivirus software programs can pick up,” Volker says. “This one was a variant that was changed to [avoid detection] by the antivirus software.”
He explains that the infection came from overseas, possibly involving a syndicate based somewhere in Europe. “That’s still part of ongoing investigation.” He’s also reluctant to disclose how the breach occurred until the investigation has been concluded.
Specialist security firm Foregenix was commissioned to investigate and develop antimalware software to deal with the Dexter variant. This software was provided to all of the fast-food outlets suspected of using infected POS devices, says Volker, leading to a rapid decline in the number of reported incidents after it was deployed.
Volker explains that when a bank customer presented their card at a fast-food outlet and it was swiped, malware hidden in an infected POS terminal would read the customer’s card number and send this to an international syndicate. Typically in these situations, the syndicate then sells the numbers to another syndicate, which then produces plastic cards that can be used in physical stores. Because the “card verification value” security numbers on the backs of the cards were not compromised, criminals were not able to use the cards to buy online goods and services.
Volker says authorities have already picked up incidents of South African card numbers, compromised by the Dexter variant-infected POS terminals, being used to make in-store purchases in the US. This has led to arrests.
But he says South African banking customers should not panic. “All the fast-food retailers have been cleaned out as far as possible,” he says. “We’re still looking at some sites that are questionable, but they are a very small minority. I don’t think there’s any need for panic or concern at this stage and certainly no one will be out of pocket [as the banks will honour losses].”
It’s “very difficult” to estimate how many cards have been compromised, but Volker says it’s “certainly not in the millions”.
The post South African banks suffer massive Dexter malware attack appeared first on Payments Cards & Mobile.
