This is the scenario: a group of hackers calls hotels or restaurants, then sends email attachments that look like customer information. Opening the attachment leads to a cyber-attack. Here’s a report on a modus operandi that IT services in Australia and across the globe should be very careful about.
A word of warning to hotel and restaurant chains: be aware, beware. A notorious cyber-criminal gang is conning businesses into installing malware by calling their customer service representatives and then tricking them into opening malicious email attachments.
The suspects in these hacks, which are designed to steal customers’ credit card numbers, appear to be members of the notorious “Carbanak Gang” – a group that, as reported last year, was able to steal as much as $1 billion from banks around the world.
Last week, the security firm Trustwave said that some of its clients in the past month had encountered malware built with code found in past Carbanak operations.
These particular attacks have been preying on the hospitality industry, according to Brian Hussey, Trustwave’s global director of incident response. This is how they work: the hackers start by calling a business’s customer service line, pretending to be clients who can’t access the online reservation system.
To spread the malware, they will also send an email to the customer service representative with an attached Word document purportedly containing reservation information. In reality, this document is designed to download malware to the recipient’s computer.
These cyber-criminals are very persistent, Hussey said. “They’ll stay on the line with the customer service rep until they open up the attachment.” Hussey also mentioned that “they have excellent English.”
The hackers are also very resourceful and convincing. They research their targets on business networking sites such as LinkedIn to find out the names of company department heads. “During the call, they’ll do some name-dropping to establish credibility,” Hussey stated.
Once the malware finds its way into the victim’s system, it will download malicious tools to tamper with the business’s network. The goal of the attack is to obtain credit card numbers from point-of-sale machines or e-commerce payment processes, according to Hussey.
In the past few years, merchants, retailers, restaurants and hotels have all been hit by similar attacks intended to steal payment card data. The malware in this case is more harmful than most. It includes the ability to grab screenshots from the desktop, steal passwords and email addresses, and scan a network for valuable targets.
What’s alarming is that most, if not all, antivirus software has failed to detect the malware used in these hacks, according to Trustwave.
“We’ve talked to our law enforcement contacts, and they are seeing the same thing,” according to Hussey.
In an online post, Trustwave outlined the crucial details of the malware and other indicators that businesses can use to determine if they’ve been attacked.
“Once this malware finds what it wants, it can steal every single credit card that passes through your servers,” Hussey mentioned. “For a large restaurant chain, that can be a million customers over a period of time.” IT support teams in Australia and anywhere else in the world are advised to be increasingly careful in monitoring for and preventing such attacks, for their clients’ safety.