Another Restaurant targeted
The attackers are spending a predominant amount of their time looking for new targets and completing recon on these, in order to facilitate a successful attack on the chosen target(s).
A familiar target has been the restaurant industry. Their focus historically has been to cook and serve the clientele the dishes which were ordered. The focus is not with networking, InfoSec, or other computer issues, until a piece of the computer equipment breaks.
The usual assets targeted for exfiltration at the individual restaurants are the PoS systems, processing the credit card information. This data could be sold on the dark web after being bundled with many other credit card numbers, expiration dates and other data.
An attack, however from a different vector, occurred recently with the Mise En Place Restaurant Services, Inc. Instead of the general attack, this attack compromised the system and implemented ransomware. This unfortunate set of events was noted on March 15, 2018, when a portion of the network was a victim of the ransomware. The attackers had unauthorized access from approximately March 6th to March 15th, when this was noted.
As the servers were accessed, there is the potential for the data to have been exfiltrated. This may have included the client’s full legal name; social security number or federal identification number; passport, driver’s license, or resident card number; bank account number and the bank’s routing number; login credentials for the bank account; and other client and individual data processed by the Mise En Place Restaurant. This “may” have been exfiltrated due to a lack of direct proof this was stolen. Nonetheless, to be conservative, the restaurant notified the potentially involved parties.
In response to this, the restaurant hired a third party firm specializing in IT forensics to investigate the compromise. The firm also changed all the network passwords.
Although not expressly detailed, the network was compromised and data probably exfiltrated through various means. Without knowing the attacker’s methodology, there are still several standard methods to guard against this. An effective patch management program assists greatly with maintaining a secure foundation. An associated set of tools also would be quarterly vulnerability assessments and an annual PenTest.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.