{"id":623,"date":"2015-05-12T18:00:04","date_gmt":"2015-05-13T01:00:04","guid":{"rendered":"http:\/\/sintelsystemspos.com\/?p=623"},"modified":"2015-05-05T10:31:39","modified_gmt":"2015-05-05T17:31:39","slug":"the-infostealer-rawpos-trojan-hides-covers-tracks","status":"publish","type":"post","link":"https:\/\/sintelsystemspos.com\/ar\/the-infostealer-rawpos-trojan-hides-covers-tracks\/","title":{"rendered":"The “infostealer.rawpos” Trojan Hides, Covers Tracks"},"content":{"rendered":"

\"Computer<\/a>South Carolina-based C&K Systems has released further details of its 18-month-long system breach, which went on to affect customers at Goodwill and two additional unnamed retailers.<\/p>\n

The news corroborated earlier reports from Goodwill that its point of sale (POS) systems had been infected by malware from February 1, 2013 to Aug. 14, 2014.<\/p>\n

In a recent post on ThreatPost.com, Chris Brook reports that, while C&K admits that the company was informed by an independent security analyst at the end of July that its system might have been compromised, it wasn\u2019t until September 5, that it was able to confirm the attack.<\/p>\n

As the only full-service point of sale provider \u2014 from software development to franchise incubator to ongoing support \u2014 part of Sintel’s commitment to our customers and business community is to share relevant ideas, information and industry news.<\/p>\n

Here are the highlights of Brook’s post, “POS Service Confirms Goodwill Breach Lasted 18 Months”:<\/p>\n

\u2022 Ultimately, a cyber investigative team hired by the company was able to detect infostealer.rawpos, a type of point of sale malware that gained access to payment card information at its Managed Services hosting facility.<\/p>\n

\u2022 The Trojan program searches for track one and track two data from credit cards and then forwards the information to remote servers controlled by the criminals.<\/p>\n

\u2022 “C&K\u2019s\u00a0Managed Services\u00a0system is responsible for managing the point of sale environments, workstations, cloud storage and antivirus of its customers, primarily\u00a0large retail chains,” Brooks writes.<\/p>\n

\u2022 According to the report, C&K\u2019s\u00a0Managed Services\u00a0system is responsible for managing the point of sale environments, workstations, cloud storage and antivirus of its customers, primarily\u00a0large retail chains.<\/p>\n

\u2022 “While C&K counts more than 500 companies as clients,” Brooks writes, “it\u2019s not exactly clear, in addition to Goodwill, which other two companies were breached.”<\/p>\n

\u2022 C&K says that fewer than 25 of the payment cards that were stolen over that 18-month period have been used fraudulently so far.<\/p>\n

\u2022 C&K says it has implemented “cutting-edge technologies” that will identify advanced persistent threats (APTs) going forward, and that the company will continue to work closely with law enforcement to “investigate and pursue criminal prosecution.”<\/p>\n

\u2022 Brooks notes that Krebs on Security\u00a0reported on July 21\u00a0that several banks had begun noticing stolen credit and debit card numbers associated with Goodwill customers were being circulated, yet it wasn\u2019t until September 2 that the company admitted in\u00a0a letter to customers that it was affected by a “data security issue.”<\/p>\n

\u2022 Many reports\u00a0claim that a six-week investigation\u00a0at Goodwill uncovered\u00a0that\u00a010 percent of stores (330 total)\u00a0and approximately 868,000 payment cards were exposed in the breach.<\/p>\n

\u2022 All payment card information, customers’ names, payment card numbers and expiration dates are all in danger of being compromised.<\/p>\n

\u2022 Goodwill mentioned the 18-month breach timeframe in the letter but failed to name the vendor and the type of malware, instead claiming a\u00a0\u201cthird-party vendor\u2019s systems\u201d had been implicated.<\/p>\n

\u2022 Brook notes that while C&K acknowledged that the software it uses conforms to PCI-DSS requirements around data encryption, it also made it clear that “there is no 100% fail-safe security solution for hosting Point of Sale environments.”<\/p>\n

\u2022 “Point of sale malware has been a scourge on retail over the last year,” Brook writes. “Companies like\u00a0Home Depot,\u00a0Neiman Marcus,\u00a0Michaels\u00a0and of course\u00a0Target\u00a0have all been targeted and breached to different\u00a0extents.”<\/p>\n

Read Chris Brook’s full threatpost.com post here<\/a>.<\/p>\n

For more insights into point of sale security, check out our related posts,\u00a0Criminals Hit Their Target, 40 Million Cards Affected<\/a>, US, Canada and Others Hit By POS Infections<\/a>, P.F. Chang’s China Bistro Gets Targeted<\/a>, “Backoff” Tracking Memory Taking Credit<\/a>, and In Loving Memory Of Your Credit Card Data<\/a>.<\/p>\n

Just as Sintel shares our vast point of sale experience and expertise with startup owners in order to help them make the best decisions from the very beginning, we are happy to share articles, advice and commentary about retail point of sale and security.<\/p>\n

Whether you’re a first-time franchise hopeful, a small business owner or an established chain, it’s always smart to stay on top of the latest point of sale best security practices to achieve financial success.
\n<\/b><\/p>\n

If you are interested in learning more about Sintel\u2019s point of sale systems and how our knowledge and support can impact your future success, call us for a complimentary phone consultation.<\/p>\n

Sintel Systems<\/a>\u00a0is the only direct to end user full-service provider of tailored Point of Sale systems across retail, restaurant and service industries, including\u00a0frozen yogurt shops<\/a>,\u00a0pizzerias<\/a>,\u00a0sushi restaurants<\/a>,\u00a0caf\u00e9s<\/a>\u00a0and\u00a0retail stores<\/a>.<\/p>\n

As a single source for business solutions, our experienced, knowledgeable team negotiates the complex POS landscape for you to enable you to find the right POS system for your business and budget.\u00a0Hardware<\/a>\u00a0–\u00a0Software<\/a>\u00a0–\u00a0Support<\/a><\/p>\n

Questions or Comments:\u00a0Contact us<\/a>\u00a0855-POS-SALES\u00a0www.SintelSystems.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

South Carolina-based C&K Systems has released further details of its 18-month-long system breach, which went on to affect customers at Goodwill and two additional unnamed retailers. The news corroborated earlier reports from Goodwill that its point of sale (POS) systems had been infected by malware from February 1, 2013 to Aug. 14, 2014. In a […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":{"0":"post-623","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-uncategorized","7":"czr-hentry"},"_links":{"self":[{"href":"https:\/\/sintelsystemspos.com\/ar\/wp-json\/wp\/v2\/posts\/623","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sintelsystemspos.com\/ar\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sintelsystemspos.com\/ar\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sintelsystemspos.com\/ar\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sintelsystemspos.com\/ar\/wp-json\/wp\/v2\/comments?post=623"}],"version-history":[{"count":1,"href":"https:\/\/sintelsystemspos.com\/ar\/wp-json\/wp\/v2\/posts\/623\/revisions"}],"predecessor-version":[{"id":624,"href":"https:\/\/sintelsystemspos.com\/ar\/wp-json\/wp\/v2\/posts\/623\/revisions\/624"}],"wp:attachment":[{"href":"https:\/\/sintelsystemspos.com\/ar\/wp-json\/wp\/v2\/media?parent=623"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sintelsystemspos.com\/ar\/wp-json\/wp\/v2\/categories?post=623"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sintelsystemspos.com\/ar\/wp-json\/wp\/v2\/tags?post=623"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}