Head Office, Johannesburg, South Africa

Would your business survive these five cybercrime attacks?

cyber-crime-data-breachSecurity should always be of paramount concern when running a business. After all, you are handling both yours and your customers’ money on a daily basis. But when it comes to cybercrime business owners simply can’t be cautious enough. Because the threat of cybercrime is often unseen, it can seem somewhat distant and vague. It’s never going to happen to you – you quietly convince yourself – until it does.

Here are five of the most prominent cybercrimes of the past few years. How would your business fare in the face of these crises?

2013: KFC and other retailers in South Africa are hit with malware that costs them millions.

In October 2013 several South African restaurant and retail franchises were attacked with malware in an organised and targeted cyber attack. The malware in question was a version of Dexter malware, which is notoriously used to infect point-of-sale systems all over the world. The malware works by reading card information stored on the POS device’s memory from magstripe transactions. The international crime syndicate responsible for the attack would then use the card information to clone the cards and make purchases in countries and institutions that have lax CVV (card verification value) practices.

According to reports, KFC, Famous Brands retailers and many other unnamed fast food franchises were affected the most by the attack, which reportedly cost local banks millions of rands. However, the Payment Association of South Africa (PASA) assured the public that customers would not be affected by the breach since the local commercial banks absorbed all of the losses. Still, the incident was big enough to necessitate the involvement of Europol and Interpol and served as the necessary push South Africans needed to migrate from magstripe to chip and PIN cards.

2013: 1.1 million credit cards are exposed during a Neiman Marcus hack that lasts three months

Between 16 July and 30 October 2013, high-end American department store Neiman Marcus was the unsuspecting victim of a similar breach in their point-of-sale systems. Like the attack on the South African fast food sector, malware was used to retrieve card numbers from the Neiman Marcus card machines. The data breach lasted three months, during which approximately 1.1 million credit cards were exposed to the hackers, with 2400 of those being confirmed to have incurred fraudulent transactions. While no cardholder PINs were exposed (since Neiman doesn’t use PIN pads for transactions), the scandal stunned the public for two reasons: how long it went on for and the fact that Neiman Marcus were unable to proactively detect the intrusion until the fraudulent transactions were reported.

2014: Domino’s Pizza’s database is breached and they are blackmailed by hacker group Rex Mundi

On 13 June 2014 hacker group Rex Mundi tweeted: “We hacked the websites of [Domino’s France] and Domino’s belgium, and downloaded 600,000+ customer records…” They went on to release a statement that included the following: “We downloaded over 592,000 customer records (including passwords) from French customers and over 58,000 records from Belgian ones. That’s over six hundred thousand records, which include the customers’ full names, addresses, phone numbers, email addresses, passwords and delivery instructions. (Oh, and their favorite pizza topping as well, because why not).”

In exchange for not selling the information to the highest bidder on the black market, Rex Mundi demanded that Domino’s pay a ransom of €30 000 (approximately R500 000), a demand that Domino’s refused to meet on principle. While no payment data was stolen in the breach, it painted a dark picture of the lengths cybercriminals were willing to go to just to make a little money. What Rex Mundi did with the data after extortion, remains unclear.

2015: T-Mobile customers have their personal information released through an Experian hack that targets millions

Experian is an international information services provider and one of the United States’ leading credit bureaus. Late last year, their servers were hacked and 15 million customers, many of whom were T-Mobile customers who had run a credit check through Experian over the September/October period, had their personal information stolen. The breach didn’t collect any credit card information, but social security numbers, contact information and physical and home addresses were exposed, which could all be sold on the black market and used for a myriad fraudulent purposes.

The breach unsettled a lot of Experian customers since it wasn’t the corporation’s first brush with the shady use of its customers’ private information. It also led a lot to wonder what else cybercriminals could siphon from the Experian servers because the company is privy to vast amounts of private information from people and customers worldwide.

2014 – present: banks all over the world lose an estimated total of US$1 billion during “Carbanak” cyber heist

In what has become famous as the biggest cybercrime in history, an estimated US$1 billion (roughly R15 billion) was seized over two years from banks, e-payment service providers and other financial institutions by an international cyber gang using malware called Carbanak. The powerful malware is capable of infiltrating data servers, cyber espionage, and disarming and remotely controlling highly sophisticated systems. During the course of two years, banks would get hacked for two to four months, with up to $10 million taken with each heist.

The syndicate, thought to have roots in Russia, Ukraine and China, would cash the money out in various ways that highlighted the intricacy and scale of the entire operation, like remotely instructing ATMs to spontaneously dispense cash or using the SWIFT network to illicitly traffic funds internationally. The Carbanak attack remains under investigation by international law enforcement authorities and security organisations and, disturbingly, the cyber gang behind it still remains active, according to reports.

How safe is your business from cybercrime?

You needn’t be an international fast food franchise to be a target for cybercrime. In fact, SMEs in South Africa appear to be of particular interest to cybercriminals. But without the budget of international fast food franchises, how can SMEs expect to protect themselves and avoid similar headline-making catastrophes? By making sure that all the payment processing systems you have are completely adherent to industry security standards.

Paycorp’s entire product offering is stringently PCI DSS-compliant and we’ve maintained a level 1 rating for the past five consecutive years. We not only provide superior payments products and technologies, but we make them safe too so that you and your customers can trade in a secure space. If you would like to foster customer loyalty and boost the growth of your business, choose Paycorp: the payment solutions partner that has it all.