ACCESS is a non-profit, tax exempt consumer advocacy group.

Donations are tax deductible.

The New Hacking Threat that Everyone Needs to Know About

September 20, 2019 - Let's say you're running a business and you buy a new software suite from a trusted software developer. To be clear, this software isn't from some fly-by-night company you've never heard of. It's a known industry source that has a good reputation and which you trust. You download and install it onto a server that you know has absolutely no viruses. Do you think your first thought might be that the software package you installed has hidden malware in it? Probably not, but maybe it should be.

That scenario is exactly what happened with two hotel chains according to an article in DigitalMunition. They installed client booking and payment software from a company called Roomleader that turned out to contain some very sophisticated malware. And it happened because Roomleader's own supply chain was compromised.

NOTE: Nearly 200 hotels were compromised. The malware installed was a credit card skimmer that worked only on cell phones and didn't impact computer-based bookings. DigitalMunition speculates that this was to avoid early detection by anti-virus software. If you want to know more details about this particular attack, read the article we linked to above.

This scenario raises a lot of questions. It isn't uncommon for software developers to contract with other companies or individual developers for certain work. But what if the company you're contracting with has a problem? What if they contract with an individual programmer who has other motivations? And how do all of the legitimate parties in the supply chain protect themselves?

None of the answers to these questions are clear and laws around the globe would appear to be holding the wrong parties accountable for this sort of crime. In this case, who would you blame? The hotel companies purchased software which they had every reason to believe was secure. The chances are that this issue will cost them money. And the software company selling the product certainly wouldn't have released it if they had any reason to think that it was compromised. Since we don't have details yet on what led to the supply chain issues, we don't have any way of knowing if the portion of the software that was compromised was developed in-house or outsourced. But even if it was outsourced to third parties, it's certainly going to cost them money.

Meanwhile, the hackers behind this plot go on their merry way.

There is no doubt that consumers were hurt in this attack and that they should have some recourse. But the companies were hurt too. What's their recourse? That's a question for lawmakers and it is one that needs to be addressed sooner rather than later. While it is quite likely that larger businesses will be able to absorb the costs associated with cases like this, it's a different story for small businesses.

If you are a one-man shop, or even if you have two or three employees, unless you work in the IT industry there is a pretty good chance that you're not technical in nature. You shouldn't face the prospect of going out of business simply for installing software from a trusted source. But that is a very real possibility the way the laws are currently written.

by Jim Malmberg
