Tag Archives: Malware

Hospitality Industry Cybercrime Risks: Hotel And Restaurant “Connected Point-Of-Sale (POS) Systems” Attacked By New Malware Called “Dexter”; Steals Credit Card Data And Transmits It “Encrypted” Back To Attacker

“…Just before the 2012 festive period, a new piece of malware surfaced and was found in hundreds of POS systems in hotels, restaurants, retailers and private parking providers. The malware was discovered by Israel-based security cybercrime in hotelsfirm Seculert: ‘Dexter’ (which comes from the string ‘BKDR_DEXTR.A’) is a data-theft tool used to target and attack POS systems. The program, which is Microsoft Windows-based, uses common techniques to search the memory of running processes to identify credit-card track data, but with the uniqueness of the attacker having full control…”

Connected point-of-sale (POS) systems – that’s the checkout to you and me – are the most recent targets of the cybercriminal, and a specially-crafted malware, dubbed Dexter, is further indication that now all kinds of connected devices may be vulnerable to attack.

Seculert CTO and co-founder Aviv Raff explains that while the company is as yet uncertain as to who is behind Dexter, the author is fluent in English: Dexter mainly targeted English-speaking countries. The malware was located in 40 different countries, but notably 42 per cent of POS systems targeted were in North America and 19 per cent UK-based. “Instead of going through the trouble of infecting tens of thousands of consumer PCs or physically installing a skimmer, an attacker can achieve the same results by targeting just a few POS systems with specially crafted malware,” Raff says.

The malware injects itself into the iexplore.exe file in Windows servers, through rewriting in the registry key. It then’ pinches sensitive credit-card data from the server, before transferring it through a remote command and control system. Windows-based POS systems are used increasingly in the industry, and according to Seculert’s findings, 51 per cent of targeted POS systems use the outdated Windows XP. The high percentage indicates Windows-based machines that process unencrypted track data are viable targets.

Microsoft Windows XP may be the ‘preferred’ choice for POS systems, especially among smaller retailers who feel that they cannot afford to upgrade, but with the operating system to be discontinued in 2014, the question is over what support will be offered for remaining XP users and if they will be able to handle the upgrade to Windows 7 or 8.

“Dexter only has three purposes in life,” says Trustwave’s security researcher Josh Grunzweig. “To always be running on the victims’ machine, to find any card, or track, data in any running program on the victim, and to communicate with the attacker who is controlling it.”

The latter is what makes the malware stand out and impresses Grunzweig. “I can’t remember the last time I saw a piece of malware that targeted POS systems that had a nice command and control structure to it,” adds Grunzweig.

He explains the hacker maintains control of the attack by using normal communication methods, but with the skill to hide what it was sending by encoding the data. This involved sending out a message to the attacker, by default, every five minutes and also checks the victim to see if there is any track data running every 60 seconds.

The magnetic strip on a credit card contains three tracks and the malware attempts to extract data from memory relating to tracks one and two, containing numeric or alphanumeric data that can be used to clone the card that was used in a transaction. If Dexter finds any of this track data, it alerts the attacker in the next message sent and the process is repeated. The attacker has the control to change the times and install additional malware or even remove Dexter altogether.

“The most unusual thing about Dexter is the small amount of public attention it has received,” says Trustwave’s Josh Grunzweig. “The issues that make POS-specific malware difficult to discuss in the industry also affects the ability of antivirus companies; without samples they are unable to provide detailed protections for specific threats.”

For more:  http://eandt.theiet.org/magazine/2013/03/turn-on-log-in-checkout.cfm

Comments Off on Hospitality Industry Cybercrime Risks: Hotel And Restaurant “Connected Point-Of-Sale (POS) Systems” Attacked By New Malware Called “Dexter”; Steals Credit Card Data And Transmits It “Encrypted” Back To Attacker

Filed under Claims, Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Computer Risks: Cybercrime Risks Remain Perilous As "Malicious Software Or Malware" Increases To 6 Million Programs In First Three Months Of 2011

The amount of new malicious software, or “malware,” unleashed on the internet during the first three months of this year hit six million programs, according to a report last week by McAfee, the computer antivirus maker. “It’s been a busy start to 2011 for cybercriminals,” Vincent Weafer, senior vice president of McAfee Labs, said in a statement.

A 2009 study by computer antivirus maker McAfee and SAIC, a technology security firm, estimated that computer crime cost companies $1 trillion across the globe, but analysts say the actual total is sure to be higher as computer security breaches are underreported.

“I think all the service providers are victims of this type of issue, it’s just whether the company has a public interface to warn users of this type of problem is the big question,” Andrew Lih, author and professor at the University of Southern California, told CNN.

“Google has been pretty good at being forthcoming in having this kind of dialogue with its users,” Lih said. “It’s very possible to probable that these other service providers, from Yahoo to Microsoft to any of these other ones, have had these types of attacks, it’s just that Google has been very public in trying to combat this.”

For more:  http://business.blogs.cnn.com/2011/06/07/the-hidden-cost-of-cybercrime/

Comments Off on Hospitality Industry Computer Risks: Cybercrime Risks Remain Perilous As "Malicious Software Or Malware" Increases To 6 Million Programs In First Three Months Of 2011

Filed under Guest Issues, Labor Issues, Maintenance, Management And Ownership, Risk Management, Technology, Theft