Malware that targets point-of-sale systems in the hospitality sector stalks prey where security isn’t

Next story

While 2020 has been a tough year for most, the hospitality and retail industries have taken a significant blow, with national and regional lockdowns forcing closures, and the need to rapidly adapt venues to accommodate less capacity when they are able to open. ESET researchers have discovered that on top of this, businesses could have to contend with a backdoor specifically targeting a point-of-sale software suite used by hundreds of thousands of bars, restaurants, hotels and other hospitality establishments worldwide.

The malware, known as ModPipe, targets the point-of-sale software ORACLE MICROS Restaurant Enterprise Series (RES) 3700 POS, which is used extensively in the hospitality and retail industries, and with a majority of the identified targets in the US. What makes ModPipe distinctive are the capabilities of its downloadable modules – one of which employs a custom algorithm to gather RES 3700 POS database passwords by decrypting them from Windows registry values.

In a year in which the hospitality and retail industries have already suffered huge blows, a cyberattack resulting in the loss of sensitive information such as database passwords could cripple already struggling businesses. Among the potential targets, many retail and hospitality venues are small businesses, and a data breach or attack of this magnitude can be devastating and much harder to recover from than for a large corporation or enterprise.

Technology innovations aiming to enhance point-of-sale systems are being released thick and fast, from contactless pay-at-the-table solutions to integrations between smartphones and card readers. And while these technologies are no doubt useful and provide a more seamless business and customer experience, it is important that they are 100% secured before being widely adopted.

As such, it is more vital than ever that businesses in every industry are protected with advanced and robust cybersecurity software. While it seems that information such as credit card numbers and expiration dates have not been compromised in the ModPipe attacks, the sophisticated nature of the malware is a reminder that the cyber-threat landscape is always evolving. While ModPipe is a new, previously unknown malware uncovered by ESET researchers, businesses in the retail and hospitality sectors should be mindful of a number of POS-focused threats.   

Such threats include skimmers, which are directly installed on POS terminals by hackers and can steal information stored on payment cards' magnetic strips. RAM scrapers can also scan specific portions of POS terminals' memory systems, pinpointing customer card data for theft. From there, the RAM scraper is able to exfiltrate the data back to the malicious actors running the attack.

A rarer attack method is the exploitation of Thunderspy vulnerabilities, in which POS systems used as cash registers may have vulnerable Thunderbolt ports. And last, but certainly not least, just like a personal laptop or computer, POS software can contain vulnerabilities, so it is critical that businesses are always using the most up-to-date version of the software.

Not only that, but it is also vital that devices running POS software are also running on the latest versions of operating systems and that they are secured with a reliable, multi-layered security software solution like ESET Endpoint Security, which can detect ModPipe and similar threats. With a comprehensive software solution as your foundation, you can vet the security practices of your selected POS software provider to make sure they encrypt sensitive data like credit card numbers, expiration dates and passwords.

Keep POS machines in tamper-resistant enclosures or lockboxes where the computer’s vulnerable ports are not accessible to the public. Finally, ensure default passwords provided by POS systems manufacturers are changed and that POS systems never run on a public or unsecured Wi-Fi network.

Amongst the chaos of this year, it can be difficult to keep sight of shifting business priorities. However, businesses in the retail and hospitality industries cannot lose sight of the importance of staying security minded, when it is clear that the basic digital infrastructure of transactions is vulnerable. Although the threat landscape is constantly evolving and advancing, investing in a comprehensive security solution and following the guidance from ESET researchers provided in this blog can ensure that you are always one step ahead of, and protected from, attacks.