Key Findings
  • While the entire Asia Pacific (APAC) region is experiencing a noticeable uptick in attacks against brick-and-mortar and e-commerce businesses, South Korea has emerged as the largest victim of Card Present (CP) data theft by a wide margin.
  • Gemini Advisory observed a spike in South Korean-issued CP records, which currently consists of over 1 million records posted for sale on the dark web since May 29, 2019.
  • While the exact compromised point of purchase (CPP) remains unclear, these records may have been obtained from the breach of a parent company that operates several different businesses in a variety of locations. It is also possible that a point-of-sale (POS) integrator was breached, allowing a threat actor access to a single integrator service that interfaces with many merchants.
  • As the global trend towards increasingly targeting non-Western countries continues, Gemini Advisory assesses with a moderate degree of confidence that both the supply of and demand for South Korean-issued CP records on the dark web will likely increase.