Security Central: Kimpton Hotels Experience Major Breach, U.S. Uncovers Truths About DNC Attacks
September 2, 2016
If you’re a VAR or security service provider, you might want to look toward the hospitality industry for new customers. Kimpton Hotels announced on Wednesday that it has joined the growing list of hotel operators that have fallen prey to hackers, specifically in the form of malware that goes after customer payment card info. According to a statement released by the hotel chain, credit cards were breached at over 60 restaurants and hotel front desks between the months of February and July of this year.
Kimpton said that the malware was designed to go after sensitive information such as card numbers, cardholder names, expiration dates and verification codes. The hotel launched an investigation after it was informed of “unauthorized charges occurring on payment cards after they had been used by guests at the restaurant in one of our hotels” back in July.
According to investigative reporter Brian Krebs, “The source and extent of the apparent breach at Kimpton properties is still unknown.” Unknown perhaps, but it’s not hard to guess. Based on recent retail and hotel hack patterns, point-of-sale (POS) malware is the likely culprit. This type of malware has been the cause of the majority of credit card breaches over the past two years, even successfully taking down huge companies, a prime example being the seismic 2013 breach of Target stores.
On top of everything, these breaches, small- or large-scale, are almost too easy to carry out. Once cyber-crooks have the malware loaded onto the POS systems, they can remotely access the information of each card swiped at that register.
“Cybercriminals are patient and sophisticated, and it’s that combination that makes them a formidable force to be reckoned with and why breaches are now daily headlines,” said John Peterson, vice president & general manager, Comodo Enterprise. “Additionally, it seems like most of the security industry has pretty much thrown in the towel on actually preventing breaches and has moved to just detection and remediation.” Which, on the bright side, could be a good thing for backup and DRaaS providers.
Experts have long warned that companies desperately need to beef up security measures, practically scolding them for not paying as much attention as they should or putting up strong enough defenses. “This is just the latest case of a hotel chain being breached, and it won’t be the last,” warns John Christly, CISO at Netsurion, a provider of remotely-managed security services for multi-location businesses. “Hospitality companies are in an ongoing digital war with cybercriminals seeking payment card data—and the war is being won far too often by these hackers. Any business that processes payment data or offers free Wi-Fi is a profitable breach target.”
Christly goes on to state that traditional cybersecurity defenses are no longer enough. New defensive approaches, advanced cybersecurity tools and augmented cyber-intelligence methods must be deployed, ideally stemming from a relationship with an outside vendor. That, of course, is where the channel comes into play. After all, we’re all about relationships.
So what should hotel chains like Kimpton do? “Hospitality companies need to do everything they can to protect their customers’ data; this means deploying the latest developments in endpoint protection and secure web gateways that actually prevent breaches through the most advanced methods available to the industry today,” says Peterson. “When it comes to hotel breaches, customers need to be aware of their exposure. They should keep a close eye on accounts that may be impacted and report any suspicious behavior on those accounts.”
On the political side of things, American intelligence agencies are now officially pointing their fingers at the Russian government as being behind the hacking and theft of emails and sensitive information from the Democratic National Committee (DNC). An article by the New York Times back in July was just one of the mentions of the widespread speculation, but now the publication reports that speculation has turned into full-on accusation.
According to the NYT, even in the face of growing evidence, experts are stumped as to how the documents were released by WikiLeaks, the site designed to expose ‘illegal or immoral’ behavior by the West and crack down on regimes “in Russia, China, and Central Eurasia.” However, claims have surfaced that while Julian Assange, the WikiLeaks publisher, has been critical of those regimes, most of the site’s leaks have targeted the West, often to the benefit of Russia.
Before the WikiLeaks release occurred, similar documents and information were published by several news organizations and a hacker dubbed Guccifer 2.0, who is believed to be an agent of the G.R.U., Russia’s military intelligence service. American intelligence agencies think that these earlier leaks from Guccifer and the WikiLeaks material have similar pieces of data and code which can be traced to previous invasions attempted by the G.R.U. or the F.S.B., another Russian spy agency.
However, Julian Assange claims that there’s a difference between the DNC information he released and the information released by Guccifer, stating that there is a lack of proof that the Russians were involved and were the ones who provided the documents. The situation has fluctuated over the past few weeks with experts, the government and Assange all batting around blame. The U.S. administration’s accusations of the Russian government and its involvement in the DNC hacking have not yet reached the point of an official callout, perhaps a tactic to “buy time for President Obama to make a decision,” according to the New York Times article. James R. Clapper Jr., the director of national intelligence, said at the time of the initial hack that American agencies were not yet prepared to publicly identify a culprit.
Whoever it is managed to gain privileged access to the DNC systems, which is a growing point of differentiation between companies that have and follow security best practices and those that do not. Scott Lang, BeyondTrust’s director of privilege strategies, says that all the media attention focused on third-party hacking by nation states such as Russia distracts companies from truly understanding the impact of internal access breaches. Unfortunately, Lang says it’s going to take another Snowden-style insider breach before people take the threat seriously—and when they do, the channel should be prepared to rise to the occasion.
But for now, the focus is still on external threats, especially from our own government. According to ABC News, six senators, all Democrats, sent President Obama a letter imploring him to make cybersecurity a priority at this weekend’s G20 Summit in China.
The senators cited the theft of $81 million from the Central Bank of Bangladesh by hackers back in February as well as a few other attacks as the reason for the heightened need for discussion surrounding security issues.
The senators — Gary Peters (D-MI), Sherrod Brown (D-OH), Kirsten Gillibrand (D-NY), Martin Heinrich (D-NM), Debbie Stabenow (D-MI), and Mark Warner (D-VA) — said in the letter: “It is critical that the global community craft and implement a coordinated strategy to combat cyber-crime at critical financial institutions and to strengthen and accelerate existing efforts. Our financial institutions are connected in order to facilitate global commerce, but cyber criminals — whether independent or state-sponsored — imperil this international system in a way few threats have.”
The senators emphasized that global coordination on cybersecurity is essential, even more so now. The aim is to address vulnerabilities across almost every industry across the world, as well as to improve liaisons between law enforcement and regulators, to “better enable them to pursue counter-terror financing and anti-money laundering agendas.”
A senior administration official told ABC News that White House officials “expect members will affirm their commitment to cooperate to fight cybercrime and to enhance confidence and trust in the digital economy” at the G20 summit.