Omni Hotels & Resorts Hit by Point-of-Sale Malware

Omni Hotels & Resorts in Dallas, Texas has warned its patrons that point-of-sale (PoS) systems at some of its properties were hit by malware. The chain said in a statement that the data breach was discovered on May 30th, but that it did not notify its customers until it had collaborated with an IT security company to address the issue. “The malware was designed to collect certain payment card information, including card holder name, credit/debit card number, security code, and expiration date,” Omni said. Additionally, there is no evidence that other customer information, such as contact information, Social Security numbers, or PINs, was compromised.


However, payment information was reportedly stolen during the malware attack. According to Omni, the malware may have been in operation between December 23, 2015 and June 14, 2016, affecting 49 of its 60 North American hotels. Most of the systems were affected for a shorter period, though, and the breach is unlikely to have affected customers who did not physically present their card. The company did not elaborate on how the breach was discovered or how the attackers were able to gain entry. As an added safeguard, Omni is offering a year of free identity theft protection services to all affected individuals.


The attack on the hotel chain follows similar breaches of PoS systems at retailers and various hotels such as Starwood Hotel, Hilton hotels, and Hyatt hotels in January 2016. These recent data breach incidents in hotel chains highlight the continuous uptick in PoS malware cases, which affect not only establishments but customer data as well. From a security perspective, the most immediate risk to businesses and customers lies in accepting payments. The information customers hand over, if captured, can be used by cybercriminals to commit credit card fraud.

In June 2016, Trend Micro unveiled a new family of PoS malware called FastPOS (detected as TSPY_FASTPOS.SMZTDA). According to the post on the Security Intelligence Blog, FastPOS is capable of instantly exfiltrating stolen credit card information. Unlike other PoS malware, it focuses on transferring harvested data to its command and control (C&C) server as soon as possible. The malware uses a keylogger and a memory scraper to steal information. The RAM scraper checks for valid credit card numbers using a custom algorithm, specifically looking for international credit cards that do not require PINs. FastPOS’s design sets it apart from other PoS malware families, as it appears to operate in situations where a large, enterprise-scale network may not be present. Instead, it is designed for environments with a much smaller footprint.

Individuals possibly affected by any PoS malware are advised to regularly check bank statements and notifications to make sure that all transactions are accounted for, and to immediately report unverified transactions to the bank or card issuer. Businesses are also urged to use multi-layered security solutions to defend systems from malware and to employ application whitelisting technology to control which applications run in networks. This complete approach can help prevent PoS-related data breaches and business disruption from gateway and mobile devices. In addition, businesses can centrally manage threat and data policies across multiple layers of IT infrastructure, streamline management, and provide more consistent policy enforcement.

