A group of Russian hackers has hit cash registers provided by five vendors. The cash registers affected are distributed by Cin7, Navy Zebra, Uniwell, PAR Technology, and ECRS. Combined, the vendors supply point-of-sale machines to more than one million customers. This news comes days after a report on KrebsOnSecurity confirmed a data breach involving Oracle-owned MICROS PoS machines.
Clearly, the vendors affected are major providers of these machines in America. Therefore, the number of people potentially affected by this hack is great; the credit cards of all Americans could be exposed by the breach. PoS machines have become easy targets for hackers, and attractive ones, considering that the data they store includes customers' credit card data. For now, it is unclear whether the hackers obtained any sensitive data.
The data breach, as reported by Forbes, revealed usernames and passwords. The information comes from Holden Security, a cyber-security firm founded by Alex Holden. Alex Holden claimed that the people behind the breach showed him the usernames and passwords to backdoors on the vendors' servers.
Four out of the five vendors whose machines were victims of the breach confirmed the hack while the fifth said it was investigating the issue. According to ECRS, a PoS systems vendor with thousands of customers across the United States, the hackers breached myECRS, a web portal customers use to download software and access technical support as well as review ECRS products. The hackers placed malicious code on the web page.
The hackers exploited a vulnerability in the web server software. ECRS pointed out that myECRS does not require users to provide sensitive information such as credit card information. However, the hackers may have obtained customers' contact information, including their addresses, phone numbers and email addresses.
Cin7, a UK-based cash register vendor with hundreds of paying customers in more than 51 nations, confirmed that malware was found on one of its servers. The company has since removed the malware, which was intended to obtain passwords from the database. All other affected companies apart from Navy Zebra confirmed the breach. The companies seem to suggest that the hackers did not get away with sensitive information.
Krebs seemed convinced that the Carbanak Group was behind the MICROS hack since the hack originated from a server operated by the group. Carbanak is the name of a collection of malware that researchers believe is operated by a gang based in Russia. Recent reports indicate that the Carbanak malware is used by more than one group.
Whoever is using the Carbanak malware seems overly interested in American point-of-sale machines. In the process, they are obtaining tonnes of American credit card data.