Tuesday, October 14, 2014

Malware Research: Another Supermarket Chain Investigating Malicious Malware

SLC Security Services LLC is working with yet another retailer to investigate a possible breach of their POS systems. During an initial review it appears as though information was being gathered via a unsecured wireless network that services the chains warehouse inventory system. Of the 16 inspected access points so far only one has been identified as a risk and was noted in an earlier security audit as a problem.

The chain is working with investigators to ensure that none of it's other locations are affected. It appears as though the vendor responsible for servicing the affected location failed to enable the correct security settings on the router during a failure replacement over 6 months ago.

There is no indication that there has been a breach but the potential for abuse existed undetected for over 4 months. This issue is directly related to a vulnerability noted with Belkin and Linksys routers that we alerted customers about in August and September. Our clients began researching and through that process learned of the incorrectly configured device.

We highly recommend that if you are using Linksys or Belkin wireless access points that you either replace the firmware that ships with the Smart Routers or that you replace the hardware device with something that is not centrally managed from a remote location such as with the Linksys varieties.

Upon reviewing the logs of the retailer while machines were in fact infected with malware the network configuration at this retailer that we implemented late last year prevented the malware from being able to talk to the command and control facilities of the botnet. It is confirmed that no information was able to be removed from the client's premises and no breach of data has been seen. The client was able to provide packet logs from the entire time frame that the device was not configured properly and no data left the facility.


No comments:

Post a Comment