It what is becoming a far too common trend, remote access software is being seen by cyberthieves as little more than convenient retailer-installed back doors for them to use to access payment card data. The U.S. Secret Service has identified the same remote access package as the commonality between a group of breached stores in Kentucky and southern Indiana.
The attack, which is believed to have exposed hundreds of debit and credit accounts, has been linked to numerous overseas Internet protocol addresses, said Craig Hutzell, a spokesperson for the Kentucky Electronic Crimes Task Force, which is part of the Secret Service. These regionalized attacks are unlikely to stay regionalized, as the thus-far-unidentified remote access package has been sold nationally.
"I'm sure there are merchants in other states using this same remote software, too," said Marjorie Meadors, assistant vice president and head of card fraud prevention for Louisville-based Republic Bank & Trust, according to a report in Bank Info Security.
Remote access packages have been the initial means of attack against many chains. Some of the attacks against Subway, for example, were specifically tied to the remote access packages sold by a reseller blessed by Subway corporate, someone who had been a Subway franchisee. He was later charged with using remote access to fraud the systems.
Even in some of the cases where the attack is done by spyware—such as was done with Schnuck's—remote access can be the means for initial entry, to plant the spyware.