Following the news about Hutton Hotel Breach, Brian Laing, VP Products and Business Development at Lastline commented below.

Brian Laing, VP Products and Business Development at Lastline:

Brian Laing“It is hard to tell the specifics afflicting the Nashville Hutton Hotel, but the Hotel disclosure did state, ‘Findings from the investigation show that unknown individuals were able to install a program on the payment processing system at the Hutton Hotel designed to capture payment card data as it was routed through the system.’ This is a statement of presence of malware.

“Point of Sale (POS) systems tend to rely on older operating systems, nearly all Microsoft Windows. Interestingly, it is very common to find Windows XP in current distribution for POS systems even today.

“Though there are a plethora of exploits for Windows XP given its age in service. Lastline has well documented many a POS-specific exploits, including the topical and ever proliferating ModPOS, as one example which really only needs a 32-bit Windows system to work and acts as a “framework” for the criminal. That is to say, the criminal can use it as a place to “plug in” a set of “services” to run any number of activities in the host environment including gathering more machines in its grasp, gathering personal payment information etc.  Since ModPOS works at the kernel level, or at a very low level in the computing stack, most security scanning systems will miss its presence. Many times these hacks are discovered by customers reporting false charges or stolen identities en masse, rather than the security department of the organization detecting and blocking the malware. It is impossible to say without the benefit of the the private security report from the Hotel itself, whether the exploit of the Hutton was, in fact, ModPOS.”

Information Security Buzz