The origin of the compromise remains unknown at this time, but the data comes from card-present transactions at numerous businesses in the country. Stealing payment details from card-present transactions is typically done by planting malware on systems that connect to PoS devices. In many incidents, the attack vector was a remote desktop connection protected by a default or easy-to-guess password.
Therefore, one possible explanation could be that a point-of-sale (PoS) integrator was breached, since these services interface with payment devices from multiple merchants. Citing researchers at Gemini Advisory who monitor card-related activities on cybercriminal forums, Bleeping Computer mentions that South Korean payment records were in low demand in 2018 as the fraudsters had a large supply available.
This changed in 2019 when the supply remained the same but demand increased, the online publication continued.
Another observation from the researchers is that 3.7% of the compromised South Korean records were from US-issued cards that belonged to US owners visiting South Korea.