The operators of Maze ransomware have allegedly gained access to Banco BCR, the state-owned bank of Costa Rica, and have stolen 11 million credit card transaction records and other data, including four million unique credit card numbers. On their data leak site, the attackers claim to have first gained access to the bank’s systems in August 2019 but did not do any damage because “the possible damage was too high.” The attackers claim that the bank did not secure its network and that they gained access again in February 2020. They say that, due to the current world pandemic, they did not encrypt the network but instead stole a large amount of data. Of the credit cards, they claim that 140,000 belong to US customers. As proof, they have released 240 credit card numbers with the last 4 digits removed, along with the expiration dates and card verification codes for those cards. Maze states that the ransom being demanded is a “reward for pointing out problems in the security system through which half a bank could be pulled out.”
Binary Defense analyzed the claims made on the Maze data leak site. The criminals claim that they could have sold the card records on marketplaces for millions of dollars but chose to demand a ransom payment from the bank instead. Some of the 240 card details released were consistent with “track 2” records that are encoded onto the magnetic stripe of credit cards, while others contain the information printed or embossed on cards. It is possible that the Maze actors are bluffing, and that the card records used as “proof” were purchased from carding shops or other criminal marketplaces rather than stolen from Banco BCR directly. It is also possible that many of the claimed four million unique card records are expired or cancelled accounts, making them less valuable to sell to other criminals. It is unlikely that the Maze threat actors had the bank customers’ best interests in mind.
Having a secure network is paramount to any organization. Companies should perform regular penetration testing of their systems by using legitimate companies such as TrustedSec. A penetration test can discover and report the flaws in security controls and recommend methods to remedy those flaws. Companies should also monitor their networks, workstations and servers for intrusions so that they can be quickly contained before attackers have the chance to steal data. Binary Defense has the capability to provide 24-hour-a-day monitoring of a company’s endpoints to detect and defend against intrusions. Customers of Banco BCR should contact the bank to see if they are at risk and should monitor their credit card accounts for suspicious activity.
To read more: https://www.bleepingcomputer.com/news/security/hackers-say-they-stole-millions-of-credit-cards-from-banco-bcr/