[ad_1]
Cyber security researchers have discovered “ModPipe” malware targeting POS devices. ModPipe allows access to sensitive information stored in RES 3700 POS devices used by thousands of bars, restaurants, hotels and other hospitality organizations around the world. The impressive thing about ModPipe is that it has downloadable modules.
ModPipe malware detected by cybersecurity organization Eset targets Oracle Micros Restaurant Enterprise Series (RES) 3700 POS (point-of-sale) management software. This software is used in hundreds of thousands of POS devices in hospitality and food establishments around the world. According to Eset’s findings, most of the targets for which malware is determined are located in the United States.
ModPipe; RES 3700 is a backdoor with a proprietary algorithm, designed to decode and acquire POS database passwords. It differs from other malicious software in this direction with its downloadable modules.
WHAT INFORMATION DO YOU LOSE?
Thanks to the leaked credentials, ModPipe operators can access the contents of the database, including various definitions and configurations, status tables and POS transaction information.
Eset researcher Martin Smolár, who discovered ModPipe, said: “According to information on POS RES 3700, attackers cannot access a lot of sensitive information such as credit card numbers and expiration dates protected by encryption.” The customer data that attackers can access should be limited to the names of the cardholders. ”
DOWNLOADABLE MODULES
Martin Smolár continued: “The most impressive aspect of ModPipe are its downloadable modules. “We have been aware of this backdoor since we found and analyzed its main components in 2019.”
Smolár explained the downloadable modules and functions as follows:
– GetMicInfo targets Micros POS data, including passwords associated with two manufacturer-predefined database usernames. This module can capture and decrypt these database passwords using a specially designed algorithm.
– ModScan 2.20 scans the selected IP addresses and collects further information about the Micros POS environment installed on the machines.
– The main goal of ProcList is to collect information about the processes currently running on the machine.
OWN WIDE KNOWLEDGE ABOUT POS
“ModPipe’s architecture, modules and functionality also demonstrate that its authors have extensive knowledge of the targeted RES 3700 POS software,” says ESET researcher Smolár. Operators may have acquired their expertise in many different ways, from theft and engineering of proprietary software to retrospective review or purchase of leaking parts from the underground market, ”he added.
HOW TO TAKE PRECAUTIONS?
Potential victims of RES 3700 POS users in hospitality and other industries who want to stay away from ModPipe operators are recommended to:
– Using the latest version of the management software.
– Use of the software on devices with updated operating systems.
– Using reliable multi-layered security software that can detect ModPipe and similar threats.
Source link
