The Inquirer-Home

Credit card poachers are in your hotel

Hacking techniques are being sold in underground forums
Thu Apr 19 2012, 10:57

CRIMINALS ARE EXPLOITING hotel point of sale applications to siphon off travellers' credit card details.

Security firm Trusteer said it had found a pretty good trade in the technology in underground forums, adding that the check-in software represents a different target from home user computers.

The firm said that it had found the attack code for sale for around £200 in underground forums. The code uses a Trojan to take credit card information from guests via the hotel point of sale or check-in machine. Anyone that buys it will be given a package of information, including advice on how to get someone to install the spyware on the machine.

The Trojan uses spyware and a series of screengrabs to gather up personal and credit card information. Importantly, the spyware is not detected by anti-virus software.

According to Trusteer this is a good example of the way that attackers are changing their methods and looking at industries other than banking as sources of revenue.

"Criminals are increasingly expanding the focus of their attacks from online banking targets to enterprises," said Trusteer's CTO Amit Klein.

"One of the reasons for this shift is that enterprise devices can yield high value digital assets when compromised. In addition, the prevalence of bring your own device (BYOD) usage by employees makes it easier to infect unmanaged smartphones, tablets and laptops that are used to access sensitive enterprise systems and applications." µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?