There have been several major cyberattacks on restaurants in recent months. Organized cybercriminals gangs are using specially crafted malware to silently steal credit card data from POS systems. Not only do the initial intrusions go undetected, the presence of the malware is often not detected for several months, during which time tens of thousands of credit card details are stolen.
Last month saw another large restaurant chain suffer a major breach of payment card data. The cyberattack on Applebee’s affects more than 160 of its RMH Franchise Holdings owned and operated restaurants across 15 states.
Customers who visited one of the RMH restaurants in Alabama, Arizona, Texas, Florida, Illinois, Indiana, Kansas, Kentucky, Ohio, Mississippi, Missouri, Nebraska, Oklohoma, Pennsylvania or Wyoming between November 2017 and January 2018 and paid for their meal on a credit or debit card have potentially had their card details stolen. Customers who paid using the self-pay tabletop devices were not affected, and neither were customers who paid online. The data breach was confined to RMH-operated restaurants. Other restaurants in the Applebee’s network were unaffected.
The data theft occurred as a result of malware on its POS system. The malware had been developed to capture data such as card numbers, expiry dates, CVV codes, and cardholder names. After recording the data, the information was exfiltrated to the attacker’s command and control server.
RMH reports that it has security systems in place to prevent cyberattacks and was able to contain the incident prior to discovery of malware on February 13, 2018. One a breach was discovered, RMH conducted a thorough investigation to identify the full extent of the breach and the individuals potentially impacted. A leading computer forensics firm was contracted to assist with the investigation and help mitigate of the attack. RHM has not disclosed how the malware was installed and nether the type of malware used in the attack.
The Applebee’s cyberattack is the latest in a string of cyberattacks on restaurants and retailers. In 2017 there were similar cyberattacks on restaurants throughout the United States. Arby’s fast food restaurants experienced a POS-malware related breach that affected many of its 1,000+ corporate stores. Chipotle Mexican Grill discovered malware had been installed on its POS system, with most of its stored affected over a 1-month period last spring.
Retailers are also major targets. Earlier this year, the retailer Forever21 discovered malware has been installed on its POS system. It took the retailer 7 months to identify the breach, during which time the credit and debit card details of many thousands of its customers were stolen.
Last year, many of the 750 Kmart stores were infected with POS malware – the second major credit card breach experienced by the chain in the past three years. Buckle Inc., was also attacked, with an undisclosed number of its stores affected. The malware infection remained on its system undetected for more than 5 months.
The breaches highlight the importance of implementing layered defenses to protect the entire attack surface, from spam email defenses to web filters, next generation firewalls, and advanced intrusion detection systems. It is also essential for retailers and restaurateurs to conduct regular vulnerability scans of the entire network to identify and address security flaws, with technical solutions implemented to constantly monitor POS systems for signs of compromise.