The payment solutions provider Verifone is currently investigating a breach of its internal networks, according to investigative reporter Brian Krebs.
In an email sent on January 23, company CIO and senior vice president Steve Horan told all employees and contractors they had 24 hours to change their passwords and would be blocked from installing software on their computers going forward, writing, “We are currently investigating an IT control matter in the Verifone environment.”
According to Krebs, Verifone learned of the breach through notifications from Visa and MasterCard.
Still, Verifone spokesman Andy Payment told Krebs the intrusion did not affect the company’s payment services network. “We believe today that due to our immediate response, the potential for misuse of information is limited,” he said.
Breach Linked to Russian Hacking Group
A source told Krebs the breach hit Verifone’s Petroleum POS Systems unit, which provides payment solutions to U.S. gas stations. The attack has been traced, the source said, to a Russian hacking group that appears to have had access to Verifone’s network since the middle of 2016.
In an updated statement provided to Krebs, Verifone said: “According to the forensic information to date, the cyber attempt was limited to controllers at approximately two dozen gas stations, and occurred over a short timeframe. We believe that no other merchants were targeted and the integrity of our networks and merchants’ payment terminals remain secure and fully operational.”
“The fact that Verifone asked employees and contractors to change their passwords and restricted their control over their desktops and laptops suggests that the attackers followed the usual path to gain access to critical systems such as payment terminals: exploit different vulnerabilities to take control over the devices and the accounts of people already inside the company,” Balabit product manager Peter Gyongyosi told eSecurity Planet by email.
“This once again underscores the importance of a multi-layer, defense-in-depth approach to security,” Gyongyosi added. “Keeping endpoint devices completely secure, especially in a large enterprise, is an impossible task and organizations must prepare for situations where an attacker would gain access to internal accounts. Fine-grained access control and detailed monitoring of activities — especially those related to critical systems — and advanced analytics such as behavior analysis can help security teams gain an edge over the attackers.”
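To make the "behavior analysis" point concrete, here is an added example (it is not code from the article, from Verifone or from Balabit) that builds a per-account baseline of source hosts and login hours from authentication records and flags later logins that deviate from it. The log format, host names and account names are constructed for the example; a real deployment would feed it from the directory or VPN logs the organization already collects.

```python
"""Baseline-and-deviation check over constructed authentication log lines.

Each line is: <ISO timestamp> <user> <source host> <outcome>
(a hypothetical format invented for this example).
"""
from collections import defaultdict
from datetime import datetime

# Constructed baseline period: what "normal" looked like for two accounts.
BASELINE_LOGS = """\
2016-06-01T09:12:03 alice ws-101 success
2016-06-01T17:45:10 alice ws-101 success
2016-06-02T08:58:41 alice ws-101 success
2016-06-02T10:03:22 bob ws-204 success
2016-06-03T11:20:05 bob ws-204 success
2016-06-03T14:07:19 bob ws-205 success
""".splitlines()

# Constructed later period: alice's account is used at 02:00 from a host
# it has never touched before (the kind of event worth an analyst's look).
NEW_LOGS = """\
2016-06-10T09:05:00 alice ws-101 success
2016-06-10T02:13:44 alice pos-ctrl-07 success
2016-06-10T02:14:02 alice pos-ctrl-07 success
2016-06-10T13:30:00 bob ws-204 success
""".splitlines()


def parse(line):
    """Split one log line into (timestamp, user, host, outcome)."""
    ts, user, host, outcome = line.split()
    return datetime.fromisoformat(ts), user, host, outcome


def build_baseline(lines):
    """Per user: the set of hosts seen and the earliest/latest login hour."""
    hosts = defaultdict(set)
    hour_range = {}
    for line in lines:
        ts, user, host, outcome = parse(line)
        if outcome != "success":
            continue
        hosts[user].add(host)
        lo, hi = hour_range.get(user, (ts.hour, ts.hour))
        hour_range[user] = (min(lo, ts.hour), max(hi, ts.hour))
    return hosts, hour_range


def find_deviations(baseline, lines):
    """Return (user, timestamp, reasons) for logins outside the baseline."""
    hosts, hour_range = baseline
    findings = []
    for line in lines:
        ts, user, host, outcome = parse(line)
        reasons = []
        if host not in hosts[user]:
            reasons.append(f"new host {host}")
        lo, hi = hour_range.get(user, (0, 23))
        if not lo <= ts.hour <= hi:
            reasons.append(f"unusual hour {ts.hour:02d}")
        if reasons:
            findings.append((user, ts.isoformat(), reasons))
    return findings


if __name__ == "__main__":
    for user, when, reasons in find_deviations(build_baseline(BASELINE_LOGS), NEW_LOGS):
        print(f"{when} {user}: {', '.join(reasons)}")
```

The baseline is deliberately simple (host set plus an hour window); the point is that an account which suddenly authenticates to an unfamiliar system at an unfamiliar hour is visible in data most enterprises already have, without any knowledge of the specific exploit used to take it over.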
Fortune 1000 Security Performance Has Declined
The study also found that the security performance of Fortune 1000 companies has recently declined overall, and a majority have at least one remote administration service running on an open port.
“It is possible Fortune 1000 companies exhibit a higher frequency of system compromises due to having a large attack surface,” the report states. “Fortune 1000 companies tend to have a high number of employees, which often corresponds to more networked devices and more IP addresses owned. Criminals also may have more motivation to target these prominent companies as they manage PII, PCI and intellectual property.”
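The "remote administration service running on an open port" finding is something an organization can measure for itself. The following added example (not from the article or from the report it cites) parses constructed external port-scan results, flags the well-known remote administration ports that are reachable, notes which of those services typically carry credentials in cleartext, and reports what share of scanned hosts is affected. The scan line format and the 203.0.113.0/24 addresses are constructed for the example.

```python
"""Flag Internet-exposed remote administration services in scan output.

Each line is: <host> <proto>/<port> <state> <service label>
(a hypothetical format invented for this example).
"""

# Well-known default ports for remote administration services.
REMOTE_ADMIN_PORTS = {
    22: "ssh",
    23: "telnet",
    3389: "rdp",
    5900: "vnc",
    5985: "winrm-http",
    5986: "winrm-https",
}
# Services whose default configuration does not encrypt the session.
CLEARTEXT = {"telnet", "vnc", "winrm-http"}

# Constructed sample scan of four hosts.
SCAN_OUTPUT = """\
203.0.113.10 tcp/443 open https
203.0.113.10 tcp/3389 open ms-wbt-server
203.0.113.11 tcp/22 open ssh
203.0.113.11 tcp/80 open http
203.0.113.12 tcp/23 open telnet
203.0.113.12 tcp/5900 open vnc
203.0.113.13 tcp/8443 open https-alt
203.0.113.13 tcp/3389 filtered ms-wbt-server
""".splitlines()


def parse_scan(lines):
    """Yield (host, proto, port, state) for each scan line."""
    for line in lines:
        host, port_proto, state, _label = line.split()
        proto, port = port_proto.split("/")
        yield host, proto, int(port), state


def exposed_remote_admin(lines):
    """Map host -> [(port, service, 'cleartext'|'encrypted')] for open admin ports."""
    findings = {}
    for host, proto, port, state in parse_scan(lines):
        if proto != "tcp" or state != "open":
            continue  # filtered/closed ports are not reachable
        name = REMOTE_ADMIN_PORTS.get(port)
        if name is None:
            continue
        kind = "cleartext" if name in CLEARTEXT else "encrypted"
        findings.setdefault(host, []).append((port, name, kind))
    return findings


def summarize(lines):
    """Return (affected hosts, scanned hosts, percentage affected)."""
    scanned = {host for host, *_ in parse_scan(lines)}
    affected = len(exposed_remote_admin(lines))
    pct = round(100.0 * affected / len(scanned), 1) if scanned else 0.0
    return affected, len(scanned), pct


if __name__ == "__main__":
    for host, services in exposed_remote_admin(SCAN_OUTPUT).items():
        for port, name, kind in services:
            print(f"{host} tcp/{port} {name} ({kind})")
    print("affected: %d of %d hosts (%.1f%%)" % summarize(SCAN_OUTPUT))
```

Running this over a real perimeter scan gives the same "majority of hosts" style of figure the report quotes, but for one's own address space; the usual mitigation is to put such services behind a VPN or bastion host and to retire the cleartext ones.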