Botnet brute-forces remote access to point-of-sale systems

A new malware threat scans the Internet for POS systems and tries to access them using common usernames and passwords

By Lucian Constantin, IDG News Service |  Security

Data collected from these servers suggests that the botnet is made up of 5,622 compromised computers from 119 countries. The researchers identified 60 RDP-enabled systems -- most likely POS terminals -- that have been compromised, 51 of which are based in the U.S.

"The most common username was 'administrator' (36) and the most common passwords were 'pos' (12) and 'Password1' (12)," the FireEye researchers said.

According to IntelCrawler's data, other remote access passwords frequently used on the compromised systems were aloha12345, micros, pos12345, posadmin and javapos.

"While there is insufficient information to determine attribution, there is some information which indicates that the attackers are in Eastern Europe, probably Russia or Ukraine," the FireEye researchers said.

In recent years POS systems have become a significant target for cybercriminals. Security firm Trustwave recently reported that over a third of data breaches the company investigated last year involved intrusions into POS terminals. Weak passwords, especially those for VPNs (virtual private networks), SSH (Secure Shell) and remote desktop connections remained a leading cause of breaches, the company said.

Brute-forced remote access connections and stolen credentials were the primary vectors for POS intrusions in 2013, Verizon said in its own data breach investigations report in April.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness