
Trump Hotel Collection possibly breached for second time in 12 months - expert comments

April 2016 by Andy Green, Senior Technical Specialist at Varonis

News broke earlier today that Trump Hotel Collection has once again been breached
through its credit card systems. This is not the first time the hotel chain has been
breached, with Trump Hotel Collection confirming in October 2015 that its payment
systems had been infected with data-stealing malware in May 2015.
Comments from Andy Green, Senior Technical Specialist at Varonis, follow.

"The Trump breach is the latest report of a continuing string of attacks against the
hotel industry. As it turns out, the attack vector for these hotel breaches is the
same PoS malware used against big box retailers. BlackPos and the other RAM-scraper
variants have found hotels a good place to vacation — for months, apparently —
and to check out with a haul of credit cards. We know how these attackers get in and
how the exploit unfolds. A phish mail containing malware, typically a remote access
trojan, lands them on a user laptop, followed by a lateral move to the PoS servers,
and then the insertion of RAM-scrapers that search for credit card numbers. We also
have techniques and approaches to stopping or mitigating these attacks: employee
education, whitelisting of apps on the PoS server, limiting networking options on user
laptops, and finally user behavior analytics (UBA). UBA is a way to monitor
file activity and spot unusual behaviours – copying and moving of files – that are
atypical for that user. At some point these RAM-scrapers will have to dump the
credit card numbers to a file and transfer to an exfiltration server. Some UBA
technologies can spot and alert on these and other file system events."

