#CyberFLASH: Customers at Sheraton, Westin, other hotels hit by data-stealing hack

If you stayed at a Sheraton, Westin or other Starwood hotel in the US or Canada this past year, you’ll want to keep an eye on your credit or debit card account.

Starwood Hotels and Resorts Worldwide said this week that point-of-sale systems at more than 50 of its hotels had been infected with malicious software. The malware, installed at gift shops, restaurants and other locations, let hackers make off with payment card data, including cardholder name, card number, security code and expiration date.

The company said in a statement that it has removed the malware and “implemented additional security measures to help prevent this type of crime from reoccurring.” It also said there’s no indication at this point that its guest reservation or preferred-guest membership systems were affected. The company added that there is no evidence that customer PINs or contact information were captured.

A list of affected hotels includes facilities in major cities, such as the Sheraton New York Times Square hotel, the Westin Michigan Avenue Chicago, the Westin Los Angeles Airport and Le Centre Sheraton Montreal. The Walt Disney World Dolphin hotel was also hit. Timing of attacks varied from place to place, but the earliest listed happened in November 2014, with the most recent occurring in March of this year.


#CyberFLASH: Hackers are finding Canada

We like to think that Canada is a country serious hackers aren’t interested in. But the latest figures from security vendor Trend Micro show we aren’t invisible to them.

According to research the company collected in the first quarter, Canada was among the countries with the highest number of point-of-sale RAM scraper infections. It placed seventh in the top 10 affected countries, with four per cent of the total number of infections.

Relative to other countries, four per cent isn’t big. But it does suggest attackers are figuring out that there are potentially lucrative targets north of the U.S.

Other figures show that Canada was in the top 10 countries affected by ransomware, sitting in ninth place with two per cent of all infections.

That’s part of a global increase in ransomware that started in the last quarter of 2014 and is continuing, the report notes. Also, crypto-ransomware — which encrypts files in network shares — jumped to account for nearly half of all ransomware infections and marked a four-fold increase in infections compared to the first quarter of 2014.

Perhaps most alarmingly, the numbers show Canada ranks ninth among the countries that posted the highest number of users who clicked malicious URLs in the first quarter of 2015.


#CyberFLASH: RawPOS Point-of-Sale Malware Checks in to Hotels and Casinos

Security researchers have shed new light on seven-year-old point-of-sale (POS) malware still being used today, most recently to attack casinos and resort hotels.

RawPOS was first spotted in a Visa Data Security alert in 2008 and has been used repeatedly with success by cyber-criminals in order to steal valuable magstripe data from victims in the United States, Canada, Europe, the Middle East, and Latin America.

As such, it may have been “instrumental to previous credit card breaches documented and not previously attributed to this particular PoS threat,” Trend Micro claimed in a blog post.

RawPOS features a three-stage modular design.

The first is designed for persistence, installing the malware and ensuring its memory dumper and file scraper are launched.

The second features two memory dumpers: “one generic dumper that can be called to dump a specific process, and another dumper that is designed for specific processes that target specific PoS applications.”

This generic dumper element is time-sensitive, so that if an attacker isn’t able to return to the target environment a month after compile time, it will stop all suspicious activity, making dynamic file analysis difficult, Trend Micro claimed.

The third is the file scraper, which parses the dumped files from the memory dumper, scrapes the credit card data and encodes the dumped data.

The modular design means attackers can tailor the threat according to target environments, Trend Micro said.


© 2013 CyberTRAX Canada - All Rights Reserved.