Internet security company ESET has discovered new malware called ModPipe that targets Point-of-Sale (PoS) devices popular in the hospitality sector, especially in the US. The malware is a modular backdoor that allows hackers to access sensitive information logged on PoS devices running the Oracle Micros Restaurant Enterprise Series (RES) 3700. Hundreds of thousands of restaurants, bars, hotels, and other industry establishments use the management software. In fact, Oracle describes it as the "most widely installed restaurant management software in the industry today," managing loyalty programs, inventory, reporting, mobile payments, and promotions.
According to ESET researchers, ModPipe contains an algorithm that collects passwords stored on the RES 3700 database by decrypting them from Windows registry values. This sophisticated method shows the attackers have “deep knowledge” of the software; most cybercriminals follow the more standard approach of keylogging and credit-card skimming. The researchers say there are three possible ways the cybercriminals could have created the algorithm. The most likely is that they stole the software and reverse-engineered it, including the libraries in charge of password encryption and decryption. They could also have bought the code on the dark web or acquired it when Oracle suffered a data breach in 2016.
ESET says that, despite this access to sensitive data, ModPipe in its current state cannot obtain credit card numbers or expiry dates. This data is protected by RES 3700’s encryption standards. As a result, the only payment-related information that hackers can acquire is the names of cardholders. The research team still doesn’t know how ModPipe operators distribute the malware, but they say that most of the successfully breached devices are in the United States.