Hackers hit more businesses through remote access accounts

More lessons in why companies must monitor third-party access to their networks

Hackers recently broke into payment systems at several northwestern U.S. restaurants and food service firms via a remote access account belonging to one of their vendors, another example of the need for companies to monitor third-party access to their networks.

Information Systems and Supplies (ISS), a Vancouver, WA-based provider of Point of Sale (PoS) systems to restaurants and bars in the region, has warned its customers that hackers may have accessed their payment systems using ISS' remote login credentials.

ISS president Thomas Potter said a LogMeIn account used by the company to remotely support and manage customer networks was thrice breached between February 28 and April 18. LogMeIn technology lets systems administrators and service providers like ISS remotely log in to customer servers and PCs.

Potter said someone illegally used his company's LogMeIn account to plant data-stealing malware on PoS systems belonging to ISS customers. "We have reason to believe that the data accessed could include credit card information from any cards used by your customers between these dates," Potter said in a letter addressed to ISS clients last month.

Bankinfosecurity.com was the first to publish details of the breach in a report Tuesday.

Potter told Computerworld that it's not clear how the hackers obtained ISS' LogMeIn username and password, but surmised it might have been via a phishing attack.

Prior to the intrusion, ISS used a common password to access its LogMeIn account, allowing the hackers to easily log into payment networks of multiple ISS customers, he said. Following the breach, the company has instituted separate passwords for accessing individual customer accounts, Potter noted.

ISS has also worked with customers to identify and remove the malware from their networks, he said.

A security vendor and the U.S. Secret Service are investigating the scope and nature of the breach.

The incident illustrates the need for businesses to keep a constant eye on third-party access to their networks. In recent years, numerous companies have opened up their networks to vendors, partners, suppliers and others to streamline business processes and enable better service and support.

Few, though, implement standards or processes for governing third-party access to their networks.

The massive data compromise at Target, for instance, began when a hacker gained access to one of the retailer's systems via a remote access account belonging to a heating, ventilation and air conditioning company. Hackers were able to use that access to gain a foothold on an internal system and then use that to leapfrog to other systems inside Target's network.

Trustwave last year estimated that 63% of 450 data breaches studied by the security vendor were caused by security vulnerabilities that were introduced by a third party.

Small businesses and franchises within the food and beverage industry and the retail sector were most often impacted by third-party security failures, according to Trustwave. "Many third-party vendors leave the door open for attack, as they don't necessarily keep client security interests top of mind," Trustwave concluded.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is jvijayan@computerworld.com.
