[BreachExchange] Latest Hotel Malware Infection Could Just Be The Tip Of The Iceberg

Audrey McNeil audrey at riskbasedsecurity.com
Wed Aug 17 20:28:25 EDT 2016


https://get.com/news/latest-hotel-malware-infection-could-
just-be-tip-iceberg/

A leisurely stay at a hotel is almost like playing the lottery these days,
and as absurd as it sounds, it depends a whole lot on your luck. Following
reports released last week that a number of major hotels have been hit by a
malware infection in their point-of-sale systems, at least 20 hotels
operated by HEI Hotels & Resorts on behalf of Starwood, Marriott, Hyatt and
Intercontinental may have leaked credit card information from their
thousands of transactions involving food, beverage, spa treatments and
pretty much anything you have to swipe or dip your card to pay for your
purchases at a hotel.

The PoS malware was uncovered in mid-June at hotel restaurants, bars and
gift shops. According to a statement from HEI, the malware stole names,
card numbers, expiration dates and verification code of customers who used
their cards at PoS terminals at hotels in Boca Raton, Fort Worth, Chicago,
Santa Barbara, Tampa, Miami Beach, Arlington, San Francisco, San Diego,
Minneapolis, Pasadena, Philadelphia, Washington D.C., Fort Lauderdale and
several other cities starting as early as March 2015. PIN numbers were not
collected. You can find a full list of the affected hotels and the dates of
exposure at HEI's website.

You don't have to worry if you'd booked your stay at a hotel using a card.
The malware only affected PoS terminals within the hotels. But if you'd
bought anything while staying at a Marriott, Starwood, Hyatt or
Intercontinental hotel anytime within the last year, you should probably
keep a close eye on your monthly statements for a while.

If previous hotel hacks have taught us anything at all, it is the fact that
the breach is usually worse than companies involved would like to admit.
HEI says it's working with forensic experts to assess the damage. You can
call HEI at 888-849-1113 for more information about the "incident".

Nobody knows exactly how many customers could have been affected by the
compromised PoS terminals, but an HEI spokesperson warned that about 8,000
transactions occurred during the affected period at Hyatt Centric Santa
Barbara, and another 12,800 at the IHG Intercontinental in Tampa.

Another report by Visa shed light that PoS terminals sold by Oracle's
MICROS division have been compromised and it could very well make the HEI
malware attack just the tip of the iceberg of a massive global fraud
network.

Visa revealed that PoS terminals made by Oracle MICROS are vulnerable to
remote malware attacks, particularly a malware version called MalumPOS,
which specifically targets PoS systems in hotels. MICROS is 1 of the top 3
PoS vendors worldwide, and PoS terminals are used at more than 330,000 cash
registers, including more than 30,000 hotels, including those managed by
HEI.

Oracle sent a bulletin to all its customers last week recommending that
they change their passwords for any account used by MICROS representatives
to access their systems. Security expert Brian Krebs says that the MICROS
vulnerability could be the root of a number of unexplained PoS malware
attacks which had happened over the last year.

So far, the MICROS vulnerability and the HEI malware have not been proven
to be connected, but if there is a link, the number of compromised cards
could potentially go from tens of thousands to millions.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160817/4844128a/attachment.html>


More information about the BreachExchange mailing list