Data stolen from Hy-Vee customers offered for sale on Joker’s Stash Dark Web forum

By: Charlie Osborne

A card dump of 5.3 million accounts may be tied to the recent security breach.

As previously reported by ZDNet, the supermarket chain issued a warning to customers on August 14 which explained that a data breach had occurred at point-of-sale (PoS) systems used by the firm’s fuel pumps, coffee shops, and restaurants including Market Grilles, Market Grille Expresses, and Wahlburgers.

However, PoS systems used by Hy-Vee grocery stores, drugstores, and convenience stores are not believed to have been affected.

Typically, PoS platforms are compromised through the installation of RAM scanners which are able to harvest payment card details once they have been swiped. This stolen data is then remotely transferred to a server controlled by an attacker and may be offered for sale as part of a data dump or used to create clone cards.

It is not known who is behind the data breach, nor how long they were lurking on the firm’s systems. Iowa-based Hy-Vee has launched an investigation and asked customers to keep an eye on their bank statements for fraudulent transactions.

“If you see an unauthorized charge, immediately notify the financial institution that issued the card because cardholders are not generally responsible for unauthorized charges reported in a timely manner,” the company said.

More: https://www.zdnet.com/article/data-stolen-from-hy-vee-customers-offered-for-sale-on-jokers-stash-dark-web-trading-post/

Checkers restaurant chain discloses card breach

By: Catalin Cimpanu

POS malware discovered installed at 102 Checkers and Rally’s restaurants.

Checkers and Rally’s, one of the biggest drive-thru restaurant chains in the US, disclosed a security incident yesterday that impacted over 100 locations.

In a security notice published on its website, the company said hackers breached its systems and planted malware on its payments processing system.

The malware was designed to collect information from the magnetic stripe of payment cards and was capable of detecting and extracting data such as the cardholder name, payment card number, card verification code, and expiration date.

15% OF CHECKERS’ AND RALLY’S RESTAURANTS IMPACTED

Not all Checkers restaurants were impacted. The company listed the addresses and the dates during which the malware was active on the network of each of the impacted restaurants.

The list includes the addresses of 102 drive-thru restaurants, operating under the Checkers or the Rally’s brands. The company said this amounted to 15% of all of its locations.

Most of the impacted restaurants had POS malware installed on their systems between early 2018 and 2019; however, some restaurants were infected in 2017, and the earliest infection date was in September 2016. Most of the restaurants were cleaned in April 2019, when Checkers appears to have discovered the intrusion.

Only customers who paid for meals and other products using their payment cards during infection periods are impacted.

More: https://www.zdnet.com/article/checkers-restaurant-chain-discloses-card-breach/

The Future of POS – opportunities – part 2

By: Alexandre Vasconcelos

Nothing is more clichéd these days than saying that change happens very quickly in technology, but when it comes to the ecosystem of POS (Point of Sale) solutions there is no escaping it. As stated in the first article of this series (The Future of POS – Weaknesses), security-related issues such as vulnerabilities and the variety of platforms are topics that are hard to exhaust; there is always something new. In addition, the much-discussed “war of the card machines” has taken up a good deal of space in the media, and these devices play a central role in this market, even if one that is imperceptible to the non-specialist public.

Considering the segment, opportunities will arise in:

  1. Hardware
  2. Software
  3. Services

It is difficult to explore all of these segments in a short article; however, it is essential to highlight some points that are already shaping this market, as a technological leap is well under way and soon everyone will be using new technologies without realizing the importance of the change.

As far as hardware is concerned, the opportunities at the moment lie in the exhaustion of existing devices: cheaper machines with low processing power, offering technology that is insufficient to advance in such a competitive market. Next come the more recent machines, with larger screens and the Android operating system, capable of offering more functionality, such as management applications; however, they are still viscerally tied to a business model that is rapidly becoming outdated. That model will be squeezed to the last drop, since the market will still support it for a while, but its days are numbered. At this point a new generation of POS devices may still appear, seeking to exploit even more of what remains of this market before the next level; the most courageous will be sailing these dangerous waters. We shall see. Finally, mPOS (Mobile Point of Sale) devices are arriving like a small wave, one that lacks the destructive power of a tsunami but that will shake the market for existing POS machines wherever it passes, undermining their resistance and later replacing them, given all their attractiveness and flexibility.

Software is the soul of hardware, and the application market is already a boiling, intensely competitive cauldron in this era of mobility. In this area there will be no shortage of opportunities for those who develop software, offering possibilities that until very recently were only available on desktop computers. It is worth stressing the often-neglected role played by software security in this ecosystem, from the operating system to the applications that customers will use day to day. The previous article in this series explores some of these weaknesses, which must be taken into account. Developing a robust chain, strongly connected through APIs and transaction validators and built on a secure, always up-to-date operating system, will be key to success in this market.

Turning to Services, unique moments like this stimulate the creation of countless opportunities, and in a market as dynamic and fast as this one there is no time to lose. Therefore, given the current scenario, it is clear that its players are strongly seeking to exhaust every business possibility, such as:

More: http://tiinside.com.br/tiinside/seguranca/artigos-seguranca/14/05/2019/o-futuro-do-pos

TinyPOS: Handcrafted Malware in Assembly Code

By: Kacy Zurkus

Legacy software vulnerabilities have created opportunities for hackers to steal credit card data and other personal information using tiny point of sale (POS) malware, according to research published by Forcepoint.

Researchers reportedly analyzed 2,000 samples of POS malware and found that many are handcrafted, written in assembly code and very small; thus, researchers aptly named the malware TinyPOS.

Of the samples analyzed, 95% were loaders used to distribute malware to systems. In addition, researchers found that system compromises can go months without detection due to the small code size (2.7kb). Though researchers suggested that protecting against these attacks is not difficult, the issue for many organizations is that they are using old, outdated POS software and hardware that can do a lot of damage.

The samples were grouped into four categories: loaders, mappers, scrapers and cleaners, wrote Robert Neumann, senior security researcher at Forcepoint. “The most probable initial vector would be a remote hack into the POS system to deliver the Loaders. Other options could include physical access (unlikely) or a rogue auto-update to deliver a compromised file to the POS operating system.”

That attackers are targeting POS systems is nothing new, particularly because they collect large amounts of personal data. Because of their vulnerabilities, Ryan Wilk, VP of customer success for NuData Security, a Mastercard company, said POS systems have long been a prime target for cyber-criminals.

More: https://www.infosecurity-magazine.com/news/tinypos-handcrafted-malware-in-1/

The Future of POS – weaknesses – part 1

By: Alexandre Vasconcelos

Fraud involving POS (Point of Sale) machines has become increasingly common and frequent; regardless of how the interaction with the machine takes place, fraudsters develop sophisticated techniques to obtain illicit advantages.

The retail market, from small merchants to large chains, is one of the main targets of the moment. According to a study conducted in 2017 by the Ponemon Institute, small businesses are a major target for hackers; on average, $1.2 billion was spent by these institutions due to problems in their operations resulting from security failures, and 61% of them suffered some kind of cyberattack in the last 12 months.

Alongside this, payment methods have been undergoing significant transformations. The introduction of *Pay (Apple, Google and Samsung) in the Brazilian market (2) brought new ways to carry out credit and debit operations through NFC (Near Field Communication) and MST (Magnetic Secure Transmission, proprietary to Samsung), by bringing smartphones close to POS machines. However, these are only the starting point for even more intensive uses of this type of technology, which could still be widely exploited in the financial market, for example.

The adoption of technologies that simplify and popularize payment methods is a movement with no way back, since it is a natural advance, just as happened in countless other areas that also developed and progressed. However, there is a weak link in this chain that has received little attention so far: the POS. The technology behind these small machines is relatively simple, and their hardware is low-capacity and cheap, which greatly facilitates mass adoption. There are clear and very well-designed security rules and regulations intended to ensure that these machines and their proprietary systems offer good levels of security, protecting the data of customers who insert their cards and enter their PINs. But how secure are these machines, really?

More: http://tiinside.com.br/tiinside/seguranca/artigos-seguranca/23/04/2019/o-futuro-do-pos

Planet Hollywood Owner Suffers Major POS Data Breach

By: Phil Muncaster

Earl Enterprises, the parent company of Planet Hollywood and other US restaurant chains, has admitted suffering a 10-month breach of customer payment card data.

The firm said in a notice on Friday that hackers installed POS malware at a number of restaurants including those operating under the brand names Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology and Tequila Taqueria.

“The malicious software was designed to capture payment card data, which could have included credit and debit card numbers, expiration dates and, in some cases, cardholder name,” it explained.

“Although the dates of potentially affected transactions vary by location, guests that used their payment cards at potentially affected locations between May 23, 2018 and March 18, 2019 may have been affected by this incident. Online orders paid for online through third-party applications or platforms were not affected by this incident.”

There was no indication from the hospitality firm how many customers had been affected, but reports suggest it could be over two million.

Security researcher Brian Krebs has claimed that the breach is linked to the appearance of 2.15 million stolen cards on the dark web back in February.

More: https://www.infosecurity-magazine.com/news/planet-hollywood-owner-major-pos-1/

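Cryptocurrency smartphone maker Sikur launches mobile banking platform

By: Kaz

CNET reported on February 25 that Sikur, a maker of cryptocurrency smartphones, launched a mobile banking platform at MWC, being held in Barcelona.

The platform combines the user-friendly aspects of digital banking apps already on the market and delivers them together with a high standard of security.

Sikur, which specializes in security-focused products, is applying that expertise with the aim of preventing the damage caused by POS data leaks in payment apps.

Sikur CEO Alexandre Vasconcelos told CNET that “people are moving from traditional banks to platforms like this, and opening an account has also become very easy.”

Sikur is a Brazil-based company that last year announced a security-focused smartphone with a built-in cryptocurrency wallet.

The company has partnered with fintech firm LogBank to develop an end-to-end platform that fully complies with financial regulations. It also plans to release an SDK (software development kit) for building banking apps that include its security features.

In addition, the Sikur App Store, where apps developed with the company's SDK can be downloaded, has been made available, allowing users to use apps with enhanced security.

More: https://crypto-times.jp/sikur-launched-mobile-banking-platform/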

POS Firm Hacked, Malware Deployed at 130+ Outlets

By: Phil Muncaster

A Point of Sale (POS) solutions provider has revealed it was hacked last month, leading to data slurping malware being placed on the networks of multiple clients across the US.

Minnesota-based North Country Business Products said in an updated notice this week that the incident may have resulted in the theft of card data from customers at over 130 locations.

Among the list of businesses affected are a significant number of Dunn Brothers Coffee, Zipps Sports Grill and Someburros outlets.

“On January 4, 2019, North Country learned of suspicious activity occurring within certain client networks. North Country immediately launched an investigation, working with third-party forensic investigators to determine the nature and scope of the event,” it revealed.

“On January 30, 2019, the investigation determined that an unauthorized party was able to deploy malware to certain of North Country’s business partners restaurants between January 3, 2019, and January 24, 2019, that collected credit and debit card information. Specific information potentially accessed includes the cardholder’s name, credit card number, expiration date, and CVV.”

It should be noted that not all of the locations listed were affected for the full 22 days.

It’s unclear exactly how the hackers breached North Country’s systems initially, or what POS malware strain was used to infect the networks of its clients.

More: https://www.infosecurity-magazine.com/news/pos-firm-hacked-malware-deployed-1/

A Deep Dive into Point of Sale Security

By: sikur

Many businesses think of their Point of Sale (POS) systems as an extension of a cashier behind a sales desk. But with multiple risk factors to consider, such as network connectivity, open ports, internet access and communication with the most sensitive data a company handles, POS solutions are more accurately an extension of a company’s data center, a remote branch of their critical applications. This being considered, they should be seen as a high-threat environment, which means that they need a targeted security strategy.

Understanding a Unique Attack Surface

Distributed geographically, POS systems can be found in varied locations at multiple branches, making it difficult to keep track of each device individually and to monitor their connections as a group. They cover in-store terminals, as well as public kiosks and self-service stations in places like shopping malls, airports, and hospitals. Multiple factors, from a lack of resources to logistical difficulties, can make it near impossible to secure these devices at the source or react quickly enough in case of a vulnerability or a breach. Remote IT teams will often have a lack of visibility when it comes to being able to accurately see data and communication flows. This creates blind spots which prevent a full understanding of the open risks across a spread-out network. Threats are exacerbated further by the vulnerabilities of old operating systems used by many POS solutions.

Underestimating the extent of this risk could be a devastating oversight. POS solutions are connected to many of a business’s main assets, from customer databases to credit card information and internal payment systems, to name a few. The devices themselves are very exposed, as they are accessible to anyone, from a waiter in a restaurant to a passer-by in a department store. This makes them high-risk for physical attacks such as downloading a malicious application through USB, as well as remote attacks like exploiting the terminal through exposed interfaces. Recently, innate vulnerabilities have been found in mobile POS solutions from vendors that include PayPal, Square and iZettle, because of their use of Bluetooth and third-party mobile apps. According to the security researchers who uncovered the vulnerabilities, these “could allow unscrupulous merchants to raid the accounts of customers or attackers to steal credit card data.”

In order to allow system administrators remote access for support and maintenance, POS are often connected to the internet, leaving them exposed to remote attacks, too. In fact, 62% of attacks on POS environments are completed through remote access. For business decision makers, ensuring that staff are comfortable using the system needs to be a priority, which can make security a balancing act. A straightforward on-boarding process, a simple UI, and flexibility for non-technical staff are all important factors, yet can often open up new attack vectors while leaving security considerations behind.

More: https://www.guardicore.com/2019/01/understanding-point-of-sale-security/
