18 February 2018
visit www.ebaday.com

Botnet takes advantage of weak passwords to hack POS systems

10 July 2014  |  7524 views  |  0 Spiders computer virus

Security firm FireEye says it has discovered a botnet that is sniffing out point-of-sale systems and using brute force techniques to hack them and steal card data.

The BrutPOS botnet, comprising more than 5000 machines, scans specified IP address ranges for remote desktop protocol (RDP) servers that have weak or default passwords in an effort to locate vulnerable POS systems.

In a blog post, FireEye says that it found five command and control servers used by the botnet, two of which were still active and gave the firm some insight into the scam.

During a two week period, crooks managed to access 60 POS systems, working their way in by taking advantage of poor usernames such as 'administrator' and passwords like 'pos' and Password1'.

Warns FireEye: "While new malware and more advanced attacks are taking place, standard attacks against weak passwords for remote administration tools presents a significant threat."

KeywordsEFTPOS

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Authorities cripple Gameover Zeus botnet and CryptoLocker ransomware

Authorities cripple Gameover Zeus botnet and CryptoLocker ransomware

02 June 2014  |  5494 views  |  0 comments | 3 tweets | 4 linkedin
Ex Subway franchise owner pleads guilty to gift card POS hacking scam

Ex Subway franchise owner pleads guilty to gift card POS hacking scam

15 May 2014  |  6690 views  |  1 comments | 3 tweets | 2 linkedin
Hardware vendor LaCie warns of card data breach

Hardware vendor LaCie warns of card data breach

16 April 2014  |  5206 views  |  0 comments | 6 tweets | 3 linkedin
Target hackers used POS malware to steal card details

Target hackers used POS malware to steal card details

14 January 2014  |  7575 views  |  0 comments | 5 tweets | 5 linkedin
Microsoft takes down Zeus botnets

Microsoft takes down Zeus botnets

26 March 2012  |  6034 views  |  0 comments

Related blogs

Create a blog about this story (membership required)
visit www.ebaday.comVisit https://www.capgemini.comvisit www.nextgenbanking.co.uk

Who is commenting?

Top topics

Most viewed Most shared
Saudi central bank provides sandbox for banks to try out Ripple techSaudi central bank provides sandbox for ba...
10884 views comments | 16 tweets | 11 linkedin
Aussie real-time payments platform goes liveAussie real-time payments platform goes li...
8482 views comments | 15 tweets | 42 linkedin
ECB launches staunch defence of cashECB launches staunch defence of cash
8272 views 10 comments | 21 tweets | 26 linkedin
hands typing furiouslyHow can Blockchain Help with AML KYC
7926 views 3 | 9 tweets | 6 linkedin