Sansec at Europol training: 50,000+ stores hacked
by Sansec Forensics Team
Published in Threat Research
Cementing itself as a global force in the protection against eCommerce fraud, Sansec has been invited to speak at the fifth edition of Europol’s Training Course on Payment Card Fraud Forensic Investigations in Avila, Spain.
The week-long event, hosted by the Spanish National Police Academy, saw 53 investigators, forensics experts and accredited trainers from 25 countries in the European Union, as well as from Colombia, Moldova and the United States, descend on the Spanish province to learn about how to better work together to fight the growing threat of e-skimming attacks. This type of fraud, whereby malware infected its checkout pages to steal payment and personal information of shoppers, is on the rise and becoming ever more sophisticated; companies large and small have been hit by attacks in recent years, including British Airways, Macy’s and Ticketmaster.
Presentations were given by Europol staff and by key private sector organisations, including Sansec, and the event hosted numerous sessions and workshops that covered wide range of topics in the area of payment fraud, including online skimming, card data analysis, cryptocurrencies, social engineering attacks and loyalty card fraud.
Willem de Groot, founder and architect at Sansec, gave a talk on his company’s work in tracking and preventing the growing number of skimming attacks; since uncovering the first instance of online skimming in 2015, the firm has identified more than 50,000 stores globally that have, at one point, fallen victim to a similar hack.
Last year, Sansec - which offers an industry-leading malware and vulnerability monitor for e-commerce websites - was also responsible for uncovering the largest Magecart-style skimming campaign to date, which saw card details stolen from 962 online shops in just 24 hours.
“With so many experts from different countries together, it was really inspiring to witness the work ethic civil service side of society, and it really had a nice vibe of cooperation,” says De Groot. “We can help because we have been tracking this fraud for years. Our treasure trove of historical data enables us to quickly correlate cases and actors between crimes.”
At the training, Europol staff also presented an update on the different joint actions that regularly are conducted in coordination with the national authorities and the private sector, as well the services, products and solutions that Europol can provide to support national investigations.
Additionally, representatives from Spanish authorities stressed the importance of international training supported by Europol to strengthen networking in future investigations, as well as the importance of joining efforts between police forces and the private sector, the release said.
The event was supported by the private industry with the participation of representatives of agencies and companies which play a key role in the fight against card payment fraud such as VISA, American Express, Western Union, Uber, Santander Bank and Sansec.
Europol said: ”This kind of event demonstrates the cooperation between public and private sector, the continuous training, the update on the investigative techniques and the improvement of forensic capabilities, is the only possible way to succeed in the fight against cybercrime and especially to confront, in an effective manner, all the emerging threats in the field of payment card fraud.”
Since the first training in 2015, more than 250 international students have benefited from the training programme.
What is Magecart?
Also known as digital skimming, this crime has surged since 2015. Criminals steal card data during online shopping. Who are behind these notorious hacks, how does it work, and how have Magecart attacks evolved over time?About Magecart