UPS, the international courier service, may have been the victim of a cyber-attack using a virus detected in 51 of the company’s US stores.
A company spokesperson confirmed that the attack could have compromised confidential information, including customers’ names, card details and postal and email addresses. The earliest evidence of the presence of this malware at any location is January 20, 2014 and was eliminated as of August 11, 2014.
The attack has been traced back to the services that give employees remote access to the UPS system. Cyber-criminals exploited this to infect point-of-sale terminals and obtain information massively from the database.
UPS has informed customers of the stores that have been affected by the malware.
Attack on Target
This attack is similar to the one suffered by another US company, Target, which resulted in the theft of over 40 million credit card details.
Point-of-sale terminals are a highly-prized target for cyber-criminals. It’s not a question of chance, sooner or later someone will try to hack your terminals. To ensure protection you need a security solution that covers different aspects of the POS terminal and which can:
- Restrict the running of software, only allowing trusted processes to run.
- Identify vulnerable applications, warning you of any outdated software.
- Enforce the behavior of permitted processes to prevent vulnerability exploits in trusted processes.
- Traceability: If an incident occurs, your security solution should provide all the information needed to answer four basic questions: when the attack began; which users have been affected; what data has been accessed and what has happened to it; and how the attackers entered and from where.
These are not all the security measures that can be taken, although these four points at least must be covered.