Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

3/10/2015
01:00 PM
Connect Directly
Twitter
RSS
E-Mail
100%
0%

Point-of-Sale Device Manufacturer Investigating Card Breach At Soup Franchise

Are remote administration exploits or new malware strains to blame for the compromise of NEXTEP devices at Zoup! soup shops?

Point-of-sale system manufacturer NEXTEP is investigating a possible data breach, after law enforcement notified them about a pattern of fraudulent use of credit cards used recently at several franchise locations of one of NEXTEP's biggest customers -- Zoup!, a soup shop chain in the Northern U.S. and Canada. 

Details are still sketchy. NEXTEP confirmed to Brian Krebs of KrebsOnSecurity that it had found a security issue in its PoS devices, but the nature of that issue has not yet been revealed. No PoS malware have been mentioned. However, NEXTEP has also said that the problem does not affect all of its customers, so it could relate to the implementation of NEXTEP systems at different companies. 

Over the summer, the attack de rigeur was breaching PoS systems by exploiting companies' remote administration tools and uploading malware like Backoff that exflitrated magnetic stripe data residing on PoS devices. It's possible that this latest incident is similar, but no evidence to that effect has been released yet. Some things can be inferred, though. 

"The NEXTEP Systems breach affected more than one location, which indicates this breach occurred over the network versus at the hands of employees," says Paul Martini, CEO of iboss Cybersecurity. Martini says that this problem can get worse.

"As more advanced protocols that go beyond web-based http protocols continue to be used more and more, the security systems in place will have to learn to secure them," says Martini. "For now, most security platforms focus only on HTTP web protocols. They are either blind to the fact that the protocols being used to exfiltrate data and infect systems are non-http, or are simply ignoring it because they cannot handle non-web http data. The cybersecurity platforms of the future will deal with sensing and containing communication over non-standard protocols. Until this happens, hacks like this will continue to occur on a daily basis.”

George Rice, senior director of payments for HP Security Voltage says that restaurants, in particular, are more at risk than other kinds of brick-and-mortar companies that use point-of-sale systems. 

"Legacy point-of-sale systems for the restaurant industry may use non-encrypting integrated magstripe readers for card acceptance," says Rice. "In addition, newer technologies, like pay-at-the-table and mobile payment terminals must safely capture and transmit payment card data, often via WiFi or cellular networks for authorization."

[Why are magstripe readers and mobile payment systems potential problems? See "7 Things You Should Know About Secure Payment Technology."]

"Frequently, restaurant franchisees are often given the flexibility of managing their own POS systems," says Rice, "which makes brand-wide payment security a big challenge."

This poses a major problem for brands, because regulating bodies and the Federal Trade Commission may assign liability for breaches to the brand, not the franchisee, anyway, as they ruled in a case against the Wyndham Worldwide hotel corporation. Dark Reading discussed this in a story about the breach that hit 395 of Dairy Queen's franchise locations in August. 

"Breaches like this will continue until two key processes change," says Rice. "First, restaurants need to implement [point-to-point encryption] so that payment information is encrypted at the time of capture and can be safely stored until the transaction is sent to a secure decryption environment.  Equally important, transaction approval responses should be in the form of a token instead of original card values so that the business operator may safely store the payment information for future use.”

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
BogdanShumei
100%
0%
BogdanShumei,
User Rank: Apprentice
3/13/2015 | 12:30:22 PM
System Break
Well, such system brakes are frequent nowadays but with constand development companies like b2bsoft.com are creating more secure environment
COVID-19: Latest Security News & Commentary
Dark Reading Staff 4/7/2020
The Coronavirus & Cybersecurity: 3 Areas of Exploitation
Robert R. Ackerman Jr., Founder & Managing Director, Allegis Capital,  4/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-1627
PUBLISHED: 2020-04-08
A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices may allow an attacker to cause a Denial of Service (DoS) by sending specific packets requiring special processing in microcode that the flow cache can't handle, causing the riot forwarding daemon to crash. By continuously sending ...
CVE-2020-1628
PUBLISHED: 2020-04-08
Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an EX4300 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading...
CVE-2020-1629
PUBLISHED: 2020-04-08
A race condition vulnerability on Juniper Network Junos OS devices may cause the routing protocol daemon (RPD) process to crash and restart while processing a BGP NOTIFICATION message. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; ...
CVE-2020-1630
PUBLISHED: 2020-04-08
A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. This...
CVE-2020-1634
PUBLISHED: 2020-04-08
On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Subsequently, all FPCs in a chassis may reset causing a Denial of Service. This issue affects both IPv4 and IPv6. This issue ...