Omni Hotels & Resorts has reported that point-of-sale systems at some of its properties were hit by malware targeting payment card information. The attack on the systems of the luxury hotel chain follows similar breaches of point-of-sale systems at various hotels and retailers like Hyatt Hotels, Target, Starwood Hotels & Resorts Worldwide and Hilton Worldwide Holdings. Omni in Dallas, Texas, said in a statement Friday that on May 30 this year, it discovered it was hit by malware attacks on its network, affecting specific POS systems on-site at some of its properties. "The malware was designed to collect certain payment card information, including cardholder name, credit/debit card number, security code and expiration date," Omni said. There isn't evidence that other customer information, such as contact information, Social Security numbers or PINs, was compromised, it added.
HEI Hotels & Resorts has reported a possible compromise of payment card information at its point-of-sale terminals, the latest in a string of attacks on such systems at hotels, hospitals and retailers. The company, which manages close to 60 Starwood, Hilton, Marriott, Hyatt and InterContinental properties, said it appears that malicious software was installed on the payment processing systems at certain properties, with the aim of harvesting the card data as it was routed through the systems. The compromise may have affected the personal information of some hotel customers who made payment card purchases at point-of-sale terminals, such as food and beverage outlets, at certain HEI-managed properties. HEI in Norwalk, Connecticut, did not specify how many people were likely to have been affected. The data compromised may have included payment card data, including name, payment card account number, card expiration date, and verification code, it said.
Researchers have uncovered an ongoing campaign against retail VMware Horizon Point-of-Sale (PoS) thin clients. The new attack wave, which has taken place over the past eight to ten weeks, is attempting to spread Cobalt Strike, a legitimate penetration testing tool which has also, unfortunately, been adopted in recent years by threat actors. According to researchers from Morphisec, Cobalt Strike, in tandem with malicious payloads, can be used to hijack systems, execute code and harvest credentials, and is also able to circumvent EDR scanning. The pen testing tool is being used in attempts to infiltrate PoS systems to deploy FrameworkPOS scraping malware, which can be used to harvest credit card information belonging to customers by compromising system memory components. Data scraped by this malware is compressed into .ZIP format and transferred to command-and-control (C2) servers.
Clothing retailer Eddie Bauer has informed customers that point-of-sale systems at its stores were hit by malware, enabling the theft of payment card information. All the retailer's stores in the U.S. and Canada, numbering about 350, were affected, a company spokesman disclosed Thursday. He added that the retailer is not disclosing the number of customers affected. The card information harvested included cardholder name, payment card number, security code and expiration date. The retailer said that information from payment cards used at its stores on various dates between Jan. 2 and July 17, 2016, may have been accessed, but added that not all cardholder transactions were affected.