Digital Transformation

Hackers steal 80,000 customers’ financial details

Secure data management processes could prevent similar occurrences.

The importance of protecting customers’ financial details via secure records management techniques has been highlighted again with a significantly damaging security breach by four hackers.

Some 80,000 consumers had their payment card details stolen when cyber criminals are thought to have used a worm named Morto to exploit Remote Desktop Protocol (RDP) technology and control remote computers and Point of Sale devices from afar.

Andrew Mason, co-founder and technical director of RandomStorm, explained: "Computers infected with the worm scanned the local area network for any other computer that was using RDP and could therefore be controlled remotely. Once a server was detected, the worm automatically tried common and default passwords to gain administrator access to the server."

He noted that it has not been confirmed whether these hackers used Morto but companies are strongly advised to check their data management policies and, if necessary, to change their passwords and add extra defences to their systems.

"We cannot stress strongly enough that organisations should never reuse default or commonly used passwords on servers and remote access applications. We see this as a massive issue on the vulnerability scans that we carry out for merchants, where we can enumerate weak passwords that are then reused for domain access logins or enterprise application access, enabling access to confidential information," Mr Mason added.

Meanwhile, Raj Samani, chief technology officer at McAfee Europe, Middle East and Africa, has warned businesses and individuals to update the anti-malware programmes on their smartphones and tablets, as this is another way online criminals can access valuable information.

"As more and more of us are shopping online, as more and more of us depend on technology to go online … [so] it is important to make sure that these devices – which we are putting our credit card details onto – are protected," he added.