Points to remember about computer security from Wiseasy hacking

Last month, TechCrunch reported that payment terminal maker Wiseasy had been hacked. Although Wiseasy may not be well known in North America, its Android-based payment terminals are widely used in the Asia-Pacific region, and the attackers managed to steal the passwords of 140,000 payment terminals.

How did the Wiseasy hack happen?

Wiseasy employees use a cloud-based dashboard to remotely manage payment terminals. This dashboard allows the company to perform various configuration and management tasks such as managing payment terminal users, adding or removing applications and even locking the terminal.

The attackers gained access to the Wiseasy dashboard by infecting employee computers with malware. This gave them the dashboard sessions of two different employees, which in turn allowed them to harvest payment terminal credentials on a massive scale.

Main lessons learned from the Wiseasy hack

1 – Transparency is not always the best policy

While it’s easy to simply dismiss the Wiseasy hack as the result of an unavoidable malware infection, the truth is that Wiseasy made several mistakes (according to the TechCrunch article) that allowed the hack to succeed.

For example, the dashboard itself probably exposed more information than it should have. According to TechCrunch, the dashboard “allowed anyone to see names, phone numbers, email addresses, and access permissions.” While it could be argued that this information is necessary for Wiseasy to manage devices on behalf of its customers, TechCrunch goes on to say that a dashboard view revealed, in plain text, the Wi-Fi name and password of the network each payment terminal was connected to.

A management interface should never be designed to display passwords in plain text. Displaying customer information openly, without secondary end-user verification, also goes against a zero-trust policy.

2 – Credentials alone will not suffice

A second mistake that likely helped the hack succeed was that Wiseasy did not require the use of multi-factor authentication when accessing the dashboard. In the past, most systems were protected only by authentication credentials. This meant that anyone with access to a valid username and password could log in, even if the credentials were stolen (as happened in the Wiseasy hack).

Multi-factor authentication requires users to prove their identity through an additional mechanism before accessing sensitive resources. Often this means entering a code sent to the user’s smartphone via text message, but there are many other forms of multi-factor authentication. Because Wiseasy did not use multi-factor authentication, nothing prevented the attackers from logging in with the stolen credentials.

3 – Devices should be triple checked

A third possible error is that Wiseasy employees accessed sensitive resources from an unhardened device. TechCrunch reported seeing screenshots of the Wiseasy dashboard in which an admin user had remote access to payment terminals. The TechCrunch article does not state that the admin’s computer was infected with malware, but since malware was used to access the dashboard and the screenshot shows an admin logged in on the dashboard, it is entirely possible that an administrator’s machine was compromised.

As a best practice, privileged accounts should only be used when required for a particular task (with standard accounts used at all other times). Additionally, privileged accounts should ideally only be used from designated management systems that have been hardened and are not used for other tasks.

4 – Stay in control of your own security

Finally, the biggest mistake made in the Wiseasy hack was that the company apparently (according to the TechCrunch article) did not know its accounts had been compromised until it was contacted by Buguard.

Buguard is a security company specializing in penetration testing and dark web monitoring. Ideally, Wiseasy would monitor its own network for a potential breach and contain it as soon as it is first noticed, rather than learning about it from a third party.

Moving forward: how to protect your own network from a similar hack

The Wiseasy hack highlights the importance of adhering to long-established security best practices, such as requiring multi-factor authentication and using dedicated management workstations for privileged operations. Adhering to a zero-trust philosophy in your organization can solve many of these issues.

Additionally, it’s important to have a way to tell whether your organization’s accounts have been compromised. Otherwise, an attacker who has obtained stolen account credentials could keep using them indefinitely. One of the best ways to prevent this is to use the Specops password policy. Specops maintains a database of billions of passwords known to have been compromised.

This database is kept up to date with passwords found on known breach lists, as well as passwords actively being used in attacks. The Specops password policy uses this information to ensure that none of your users’ passwords are among those known to be compromised. If an account is found to be using a compromised password, the software notifies you so that you can deactivate the account or change its password immediately. You can test the Specops password policy tools in your Active Directory for free at any time.
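To make the mechanism described above concrete, here is an added example (not Specops code, and not from the original article) of a breached-password check: passwords are hashed, only a short hash prefix is used to select candidates from the compromised-password corpus, and any account whose password matches is flagged for deactivation or rotation. The corpus here is a small constructed stand-in for a real database of billions of entries.

```python
import hashlib

# Constructed demo corpus: SHA-1 hashes of a handful of passwords known to be
# compromised. A real deployment would use a full breach database instead.
_DEMO_BREACHED = ["Password123", "qwerty", "letmein", "Summer2022!"]
BREACH_CORPUS = {
    hashlib.sha1(p.encode("utf-8")).hexdigest().upper() for p in _DEMO_BREACHED
}


def sha1_hex(password: str) -> str:
    """Hash a candidate password for matching against the breach corpus.
    SHA-1 is used only because breach corpora are indexed that way;
    it is not a password-storage hash."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def range_lookup(prefix: str) -> set:
    """Return the suffixes of every corpus hash that starts with the
    5-character prefix. This mirrors the k-anonymity pattern: the caller
    reveals only a prefix, never the full hash of the password."""
    return {h[5:] for h in BREACH_CORPUS if h.startswith(prefix)}


def is_compromised(password: str) -> bool:
    """True if the password appears in the breach corpus."""
    full = sha1_hex(password)
    prefix, suffix = full[:5], full[5:]
    return suffix in range_lookup(prefix)


def audit_accounts(accounts: dict) -> list:
    """Given {username: candidate_password} (e.g. collected at password-change
    time by a policy hook), return the users whose password is compromised,
    sorted, so the caller can notify an admin and force a rotation."""
    return sorted(user for user, pw in accounts.items() if is_compromised(pw))


if __name__ == "__main__":
    # Constructed sample of password-change requests to evaluate.
    pending = {"alice": "Password123", "bob": "Tr0ub4dor&3", "carol": "qwerty"}
    for user in audit_accounts(pending):
        print(f"REJECT: {user} chose a password found in the breach corpus")
```

In Active Directory the same check is normally enforced by a password filter at change time, so a weak choice is rejected before it is ever stored.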

Whether you’re setting up in-house penetration testing, moving to a zero-trust infrastructure, or blocking known breached passwords from your Active Directory, there are plenty of ways to make sure your organization doesn’t fall victim to the consequences of a malware attack like the one that hit Wiseasy.
