Another POS data breach


Chicago, IL. According to KrebsOnSecurity, it appears that Select Restaurants Inc. has been hacked. The initial indicator of the hack actually came from Google, which added a “this site may be hacked” tag in the search results.

Select Restaurants, Inc. owns and operates some of the country’s finest restaurants, ranging from fine waterfront dining to family-friendly restaurants and upscale neighborhood cafés and taverns, such as Boston’s Top of the Hub, Parkers’ Lighthouse in Long Beach, CA, and Winberie’s Restaurants in New Jersey and Illinois.

Krebs states that “Select Restaurants did not return messages seeking comment. But as with the breach at Cici’s Pizza chains, the breach involving Select Restaurant locations appears to have been the result of an intrusion at the company’s POS vendor — Geneva, Ill. based 24×7 Hospitality Technology. 24×7 handles credit and debit card transactions for thousands of hotels and restaurants, including more than 200 Buffalo Wild Wings franchises nationwide.” Read the whole article at KrebsOnSecurity. contacted John Christly, Global CISO, Netsurion, a provider of managed security services for multi-location businesses, and EventTracker, its SIEM subsidiary, for a comment on this situation.

According to John, “POS malware can strike in a number of ways. Simple phishing emails can prompt internal personnel to accidentally open malicious links and attachments, resulting in malware on the network and connected devices. It can also involve hackers spreading malicious code by breaching the remote-access services designed to maintain the payment processing systems. These remote-access services can be poorly configured with guessable passwords, enabling the hackers to break in and distribute the malware to hundreds or thousands of POS machines. It also doesn’t help that the malware can be tricky to detect. Sometimes, it can sneak past antivirus programs and then stealthily extract payment data, despite the presence of traditional firewalls. Then it can send out the stolen data slowly, making it look like normal traffic. A few months will go by, and who knows how many credit cards will have been breached.

In today’s threat landscape, a typical firewall can no longer be set up once and run without consistent monitoring, tweaking, and ensuring the data coming from it was correlated with other systems. Some of these breaches may look like normal web traffic coming out of the firewall, and other attacks can even seem like legitimate DNS traffic, which may pass right by the typical unmanaged firewall. It takes a different approach to stop some of these advanced attacks, and many products and service providers simply do not have the ability to stop them before they do real damage.

Restaurants looking to protect themselves at the highest level should implement the following tools:

1- File integrity monitoring (to tell you when files have changed that weren’t supposed to change)
2- Unified threat management appliances (used to integrate security features such as firewall, gateway antivirus and intrusion detection)
3- Security information and event management (used to centrally collect, store and analyze log data and other data from various systems to provide a single point of view from which to be alerted to potential issues)
4- Next-generation endpoint security solutions (used to stop attacks on the endpoint computers and servers before they can wreak havoc on other systems)

These advanced tools should ideally be outsourced to a managed security firm that specializes in this type of service, which includes having expert threat researchers that are constantly looking for new activity that could point to a hacker trying to steal data from your systems.”
