Results 1 to 1 of 1
Hybrid View
-
10th Jul 2014, 03:58 PM #1
Botnet Targets Point-of-Sale Systems
A new botnet has been discovered by security researchers, who observed that it uses the infected machines to scan for the presence of point-of-sale systems and gain access to the information through brute-force attacks.
Los Angeles-based cyber threat intelligence firm IntelCrawler says that the name of the botnet project was released on the underground forums in May 2014.
According to the company, the malware it uses “collected indicators like subnet IP ranges and commonly used operators, supervisor, and back office administrator logins, some of which are default manufactures passwords for famous Point-of-Sale equipment.”
Some technical documentation provides the default credentials for initial access to the systems, and has been added to the dictionary used by the cybercriminals for the brute-force attacks.
Because of the botnet distribution, the operators behind it are capable of scanning multiple IPv4 network ranges of certain TCP ports, as well as using the brute-force technique to determine the log-in credentials for remote administration services like VNC, Microsoft RDP, and PCAnywhere.
In a recent incident that affected a reseller of POS systems, the crooks used stolen credentials for the LogMeIn account to gain unauthorized access to information related to POS transactions.
IntelCrawler says that in the case of “@-Brt,” the malicious software includes multi-threading support, a feature that permits running through the dictionary database at a much faster pace.
The company detected that several prominent merchants have been affected by the malware and scanning of IPv4 ranges of large ISPs (Internet Service Providers), AT&T Internet Services, Sonic.net and SoftLayer Technologies being among them.
Multiple variants of the malicious software exist, with modifications that may aim at increased optimization and could have been written by different authors.
A list of commonly used passwords for the compromised POS terminals includes simple and easy to crack text strings, such as “posrn,” “terminal,” “admin12345,” “manager,” “hotel,” “operator,” “posadmin,” and “pos12345.”
It appears that administrators used numerous variants of “aloha” as the access restriction password, the “aloha12345” passcode being used in 13% of the cases, followed by “micros” (10%), “pos12345” (8%), “posadmin” (7%), and “javapos” with 6.30%. All of these are extremely weak passwords that can be cracked in a matter of minutes, depending on the specifications of the machine used.
As far as the geographical spread of the botnet is concerned, the security company provides a chart showing infected computers in Germany, Japan, Mexico, Bulgaria, India, Jordan, Hong Kong, Antilles, Philippines, and Korea.Kepler Reviewed by Kepler on . Botnet Targets Point-of-Sale Systems http://i1-news.softpedia-static.com/images/news-700/Botnet-Targets-Point-of-Sale-Systems.jpg A new botnet has been discovered by security researchers, who observed that it uses the infected machines to scan for the presence of point-of-sale systems and gain access to the information through brute-force attacks. Los Angeles-based cyber threat intelligence firm IntelCrawler says that the name of the botnet project was released on the underground forums in May 2014. According to Rating: 5
Sponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
FilePost.com - Up to $35 for downloads or 60% of sales&rebills (Official Thread)
By FilePost in forum File Hosts Official SupportReplies: 4687Last Post: 23rd Jan 2012, 10:34 PM -
What's the point of...
By tres in forum General DiscussionReplies: 3Last Post: 30th Oct 2010, 01:02 AM -
What is the point of the php extends in relation to classes?
By timtamboy63 in forum Web Development AreaReplies: 11Last Post: 16th Oct 2010, 07:59 AM -
What's the timezone of Hotfile system?
By kohkindachi in forum Webmasters, Money MakingReplies: 3Last Post: 16th Jul 2010, 01:09 PM -
RS Collector's Acc around 4000 Free and 10314 PU Points for Sale
By burhan in forum Completed TransactionsReplies: 8Last Post: 16th Oct 2009, 05:49 PM
themaPoster - post to forums and...
Version 5.22 released. Open older version (or...