29 April 2017
visit nextgenbanking.co.uk

Botnet takes advantage of weak passwords to hack POS systems

10 July 2014  |  7104 views  |  0 Spiders computer virus

Security firm FireEye says it has discovered a botnet that is sniffing out point-of-sale systems and using brute force techniques to hack them and steal card data.

The BrutPOS botnet, comprising more than 5000 machines, scans specified IP address ranges for remote desktop protocol (RDP) servers that have weak or default passwords in an effort to locate vulnerable POS systems.

In a blog post, FireEye says that it found five command and control servers used by the botnet, two of which were still active and gave the firm some insight into the scam.

During a two week period, crooks managed to access 60 POS systems, working their way in by taking advantage of poor usernames such as 'administrator' and passwords like 'pos' and Password1'.

Warns FireEye: "While new malware and more advanced attacks are taking place, standard attacks against weak passwords for remote administration tools presents a significant threat."

KeywordsEFTPOS

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Authorities cripple Gameover Zeus botnet and CryptoLocker ransomware

Authorities cripple Gameover Zeus botnet and CryptoLocker ransomware

02 June 2014  |  5127 views  |  0 comments | 3 tweets | 4 linkedin
Ex Subway franchise owner pleads guilty to gift card POS hacking scam

Ex Subway franchise owner pleads guilty to gift card POS hacking scam

15 May 2014  |  6417 views  |  1 comments | 3 tweets | 2 linkedin
Hardware vendor LaCie warns of card data breach

Hardware vendor LaCie warns of card data breach

16 April 2014  |  4826 views  |  0 comments | 6 tweets | 3 linkedin
Target hackers used POS malware to steal card details

Target hackers used POS malware to steal card details

14 January 2014  |  6791 views  |  0 comments | 5 tweets | 5 linkedin
Microsoft takes down Zeus botnets

Microsoft takes down Zeus botnets

26 March 2012  |  5808 views  |  0 comments

Related blogs

Create a blog about this story (membership required)
Find out moreVisit capgemini.comvisit dh.com

Top topics

Most viewed Most shared
Six global banks join Swift DLT trialsSix global banks join Swift DLT trials
7881 views comments | 16 tweets | 36 linkedin
BBVA steps up fintech acquisition strategy with purchase of OpenpayBBVA steps up fintech acquisition strategy...
7059 views comments | 17 tweets | 16 linkedin
JPMorgan formally quits R3JPMorgan formally quits R3
6389 views comments | 25 tweets | 14 linkedin
Should central banks open up payment and settlement systems to non-banks?Should central banks open up payment and s...
6188 views comments | 22 tweets | 21 linkedin
Token raises $15.7 million as PSD2 approachesToken raises $15.7 million as PSD2 approac...
5981 views comments | 20 tweets | 20 linkedin

Featured job

Six Figure Base + Commission + Stock Options
London

Find your next job