Visa Security Alert!
From Visa's Risk Management: For: IT, Information Security, IT Support
Visa has recently noticed an increase in malicious remote access activity associated with unauthorized access to merchant point-of-sale environments and, ultimately, payment card data. Many remote access solutions are used to provide remote management and technical support for retailers. Used maliciously, they can expose payment card data and other sensitive information by allowing cybercriminals to log in, establish additional “back doors” by installing malware, and steal payment card data. The risk of data compromise substantially increases when remote access applications are not PCI DSS compliant.
The following are examples of common remote access vulnerabilities that can enable intruders to gain access to merchant POS environments. NOTE: most are also violations of the PCI DSS.
- Remote access ports and services always available on the Internet.
- Outdated or un-patched applications and systems.
- Use of default passwords or no password.
- Use of common usernames and passwords.
- Single-factor authentication.
- Improperly configured firewalls.
The attacks take place by successfully logging in to remote access applications with common username/password combinations. Once inside the network, an intruder will typically take steps to disable anti-virus applications and establish additional “back door” connectivity through the installation of malicious software. On systems where payment card data is processed, card-capturing malware is often installed and used to collect full track data from the POS system. Finally, card data is removed to remote IP addresses.
We are urging you to share this information with your colleagues in the IT departments.
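The attack sequence described above (remote login with a common username, anti-virus disabled, card data sent to a remote IP address) can be searched for in host and network logs. The following is an added example, not part of Visa's alert: the event schema, the internal address range, the username list and the 24-hour window are all assumptions, and the events are constructed sample data.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions of this example (not from the alert): the internal address range,
# the username list, the 24-hour window and the event schema.
INTERNAL_NET = ip_network("10.0.0.0/8")
COMMON_USERS = {"admin", "administrator", "pos", "support", "user"}
WINDOW = timedelta(hours=24)

def is_external(ip):
    return ip_address(ip) not in INTERNAL_NET

def find_intrusion_chains(events):
    """Return hosts where an external login with a common username is followed
    by anti-virus being stopped and then an outbound connection to an external IP."""
    stage = {}    # host -> (steps seen so far, time of the login that started the chain)
    flagged = []
    for ev in sorted(events, key=lambda e: e["time"]):
        host, kind = ev["host"], ev["type"]
        steps, start = stage.get(host, (0, None))
        if steps and ev["time"] - start > WINDOW:
            steps, start = 0, None                      # chain went stale
        if kind == "remote_login":
            if (steps == 0 and ev["success"] and is_external(ev["src_ip"])
                    and ev["user"].lower() in COMMON_USERS):
                steps, start = 1, ev["time"]
        elif kind == "av_stopped" and steps == 1:
            steps = 2
        elif kind == "outbound_conn" and steps == 2 and is_external(ev["dst_ip"]):
            flagged.append(host)
            steps, start = 0, None
        stage[host] = (steps, start)
    return flagged

def at(hour, minute):
    return datetime(2024, 1, 1, hour, minute)

# Constructed sample events; addresses are from documentation ranges.
SAMPLE_EVENTS = [
    {"time": at(1, 0), "host": "pos-01", "type": "remote_login",
     "user": "admin", "src_ip": "203.0.113.7", "success": True},
    {"time": at(1, 5), "host": "pos-01", "type": "av_stopped"},
    {"time": at(1, 30), "host": "pos-01", "type": "outbound_conn", "dst_ip": "198.51.100.9"},
    {"time": at(2, 0), "host": "pos-02", "type": "remote_login",
     "user": "admin", "src_ip": "10.0.5.20", "success": True},
    {"time": at(2, 5), "host": "pos-02", "type": "av_stopped"},
    {"time": at(2, 9), "host": "pos-02", "type": "outbound_conn", "dst_ip": "198.51.100.9"},
]
```

Only `pos-01` is flagged in the sample data; `pos-02` shows the same later steps but its login came from an internal address, so it does not match the external-login pattern the alert describes.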