Privacy News PoS Breach Hits High-End Eateries Across the US

frogboy

The latest victim of a credit card/point-of-sale technology breach is Select Restaurants, the owner of several special-occasion eateries across the US.

According to its website (on which Google has placed a “this site may be hacked” warning label), Select’s stable of food joints includes Boston’s Top of the Hub; Parker’s Lighthouse in Long Beach, Calif.; the Rusty Scupper in Baltimore, Md.; Parkers Blue Ash Tavern in Cincinnati; Parkers’ Restaurant & Bar in Downers Grove, Ill.; Winberie’s Restaurant & Bar with locations in Oak Park, Ill. and Princeton and Summit, New Jersey; and Black Powder Tavern in Valley Forge, Pa.

According to Brian Krebs, the likely vector for the hack is Select’s PoS vendor, which is called 24×7 Hospitality Technology. Having obtained a copy of a letter that 24×7 Hospitality CEO Todd Baker sent to Select, Krebs reported that the company said that hackers had access to all of Select’s PoS systems from late October 2016 to mid-January 2017.

Indeed, the letter confirms that hackers had access to all of 24×7 customers’ payment systems—which would include those at 200 Buffalo Wild Wings locations across the country.

The systems, the letter said, were hacked by a “sophisticated network intrusion through a remote access application.”

“PoS malware can strike in a number of ways,” said John Christly, Global CISO, Netsurion, a provider of managed security services for multi-location businesses, via email. “Simple phishing emails can prompt internal personnel to accidentally open malicious links and attachments, resulting in malware on the network and connected devices. It can also involve hackers spreading malicious code by breaching the remote-access services designed to maintain the payment processing systems. These remote-access services can be poorly configured with guessable passwords, enabling the hackers to break in and distribute the malware to hundreds or thousands of PoS machines.”

24×7 said the attackers subsequently executed the PoSeidon malware variant, “which is designed to siphon card data when cashiers swipe credit cards at an infected cash register,” Krebs noted. He added, “Given how much risk and responsibility for protecting against these types of hacking incidents is spread so thinly across the entire industry, it’s little wonder that organized crime gangs have been picking off POS providers for Tier 3 and Tier 4 merchants with PoSeidon en masse in recent years.”

Select has yet to comment on the situation, and so far, nothing is known about the potential effect on restaurant patrons, including the number of compromised cards.

Christly noted that in today’s threat landscape, a typical firewall can no longer be set up once and run without consistent monitoring, tweaking and ensuring that the data coming from it is correlated with other systems.

“Some of these breaches may look like normal web traffic coming out of the firewall, and other attacks can even seem like legitimate DNS traffic, which may pass right by the typical unmanaged firewall,” he explained. “It takes a different approach to stop some of these advanced attacks, and many products and service providers simply do not have the ability to stop them before they do real damage.”

Solarquest

Thanks for sharing!
No AV? Poseidon is a 2015 malware!.. Let's see in the next days what happened....
 