A data-breach-investigations report issued by Verizon earlier this year found 71 percent of all hacking attacks on business take place using remote access or desktop service.
“Remote access and desktop services, in combination with the exploitation of default and/or stolen credentials, is a huge problem in the retail and hospitality industries,” the Verizon report states. “Opportunistic attacks are carried out across many victims who often share the same support and/or software vendor.”
According to researchers, as soon as an intruder discovers a particular vendor’s authentication method and schema (be it for TCP port 3389 for RDP; or TCP port 5631 and UDP port 5632 for pcAnywhere), he will be able to exploit it across a multitude of that vendor’s partners and customers.
“Oftentimes, in lieu of conducting a full port scan for these remote service applications, attackers will customize their scripts to exclusively look for these ports and search a broad swath of the Internet,” the report states. “This speeds up their capability of searching for and finding services unprotected by router/firewall ACLs and allows them to quickly check for default credentials as well. This of course relies on remote access authentication schema being uniform across all of that particular vendor’s customers—but hey, who are we kidding? They always are.”
Jim Walsh, CISO for point-of-sale products vendor MICROS Systems, knows all too well how attractive a chain restaurant or hotel is to a hacker. MICROS, the largest POS company for the hospitality industry, is used in almost all major restaurant and hotel chains around the world. Read more.