According to the Australian Federal Police, hackers recently stole hundreds of thousands of credit card numbers from Australian businesses.
"'The compromise is believed to have involved approximately 500,000 credit cards and resulted in more than $25 million in fraudulent transactions,' the AFP said today," The West Australian reports.
"SC understands the syndicate was behind the December 2011 hack of U.S. Subway Restaurants in which four Romanian nationals were charged for millions of dollars in credit card fraud that affected some 80,000 customers," writes SC Magazine's Darren Pauli. "In both cases, the syndicate captured credit card details using keyloggers installed within Point of Sale (POS) terminals and siphoned the data through an insecure open Microsoft’s Remote Desktop Protocol (RDP) connection. The syndicate found its victims by scanning the internet for vulnerable POS terminals."
"According to consultant Marc Bown of the IT security firm Trustwave, which investigates data breaches on behalf of banks, hackers break into badly secured e-commerce websites via security holes in out-of-date shopping cart software, and into point of sale computers with weak passwords like 'password1' via remote desktop software used for technical support," write The Sydney Morning Herald's Dan Oakes and Ben Grubb. "Often the breached stores were in rural and remote regions, Bown said, and had fewer than 50 employees. 'And they all had an IT guy who, of course, said everything was OK.'"