Another major restaurant POS breach has been detected. This time, Cleveland-based Select Restaurants Inc., has had its POS system breached. Select Restaurants owns many well-known restaurants throughout the United States.
According to Brian Krebs, restaurants known to be affected by the POS malware infection include:
- The Rusty Scupper (Baltimore, MD)
- Parkers Blue Ash Tavern (Cincinnati, OH)
- Parkers’ Restaurant & Bar (Downers Grove, IL)
- Winberie’s Restaurant & Bar (Oak Park, IL., Princeton, NJ., Summit, NJ.)
- Black Powder Tavern (Valley Forge, PA)
The restaurant POS breach does not appear to have occurred at Select Restaurants, instead it was the chain’s POS vendor that was attacked – Geneva. IL-based 24×7 Hospitality Technology. The attack occurred via a remote access application that the company uses to remotely access, update, and maintain the POS system used by its customers.
After gaining access to the POS system, the attackers installed a form of malware known as PoSeidon. The malware records and exfiltrates credit card data when cards are swiped by restaurant staff when customers pay for their meals. The malware was installed and active for around 3 months from October 2016 to January 2017.
While fraudulent use of customers’ credit card details is often quickly detected by banks and credit card companies, it can be difficult to track those fraudulent card uses back to a specific retailer or restaurant. When major restaurant chains experience POS malware infections it is far easier to detect the source of the fraud. Malware infections at smaller restaurant chains can take much longer to detect. During that time, the credit card details of all of the restaurant’s customers can be stolen.
The remote access system could have been attacked using a variety of methods. If a weak password was used, it may have been guessed or a brute force attack could have occurred. Alternatively, an employee may have revealed a password by responding to a phishing or spear phishing email.
In this case, the malware was installed via the POS system provider, although a restaurant POS breach could just as easily occur. Restaurant chains can do little to prevent attacks on their POS system provider, but they can implement cybersecurity defenses to protect them against direct attacks.
Restaurants are major targets for cybercriminals. Malware can remain undetected for many months during which time many thousands of credit cards can be stolen. The consequences for restaurant chains can be severe. While customers may not experience any losses – their credit card company will usually refund any fraudulent purchases – the effect on a restaurant chain’s reputation can be permanent.
To protect systems from attack, restaurant chains should ensure software solutions are installed to block the most common attack vectors. Software must be kept up to date and patched promptly to prevent vulnerabilities from being exploited and antivirus solutions should be kept up to date and regular scans should be scheduled on all parts of the network.
For further information on how to prevent a restaurant POS breach and malware infections, contact the TitanHQ team today.