Pizza Hut Australia revealed that dozens of the company's locations have suffered extended downtime due to their Point-of-Sale (PoS) systems being infected with malware.
According to security firm Webroot, Pizza Hut Australia’s latest partner, the company fell victim to a malware breach that dates back to 2013 and lasted over a year.
ITWire reported that 20% of all Pizza Hut locations in Australia were hit with the point-of-sale malware. 60 of 300 Pizza Hut Australia locations suffered extended downtime due to the increased rate of malware infection across their systems.
“This was an alarming figure because downtime in stores, especially during peak hours, means a huge risk in losing business and ultimately revenue,” said Pizza Hut field systems analyst Ross Portas.
A Webroot spokesperson told ITWire that the damage the malware caused was so extensive that sales across infected stores were halted for up to two hours. In many cases, infected systems had to be re-imaged or cleaned, resulting in a number of Pizza Hut locations being offline for an entire day.
Webroot identified the malware as a ZeroAccess rootkit variant alongside a piece of fake anti-virus malware. Pizza Hut noted that their IT team had to clean the entire malware-ridden network in a three-month-long operation.
Tripwire’s director of security research and development, Lamar Bailey, said: “If you are a retailer, it is no longer a question of if you have been compromised, but a question of how large the gap is between infection and detection.”
“Being infected for a year likely equates to tens of thousands if not hundreds of thousands of credit card numbers stolen along with other customer PII. This breach likely impacted the bottom line of the retailer too due to lost orders and irate customers who went elsewhere for pizza,” Bailey said. “There is no surefire way to stop breaches but retailers need to work hard to lower the detection gaps and lessen the impact to their business and customers.”
What is the ZeroAccess Rootkit Malware?
ZeroAccess is a sophisticated kernel-mode rootkit that runs on all major versions of Microsoft Windows, on both 32-bit and 64-bit machines. Once a machine is infected, ZeroAccess adds it to a peer-to-peer botnet, allowing attackers to send commands, download programs and have the system carry out whatever actions they send it. Cybercriminals commonly use ZeroAccess to run Bitcoin mining operations, commit click fraud and launch attacks against companies. Security firm Sophos published a paper (PDF) detailing the ZeroAccess rootkit and its capabilities.
It is currently unknown how attackers abused ZeroAccess while inside Pizza Hut Australia’s point-of-sale systems. As Pizza Hut locations were infected for over a year, cybercriminals may have stolen customer information, which could result in millions of customers' credit cards being put at risk.
Pizza Hut Australia and their IT team are currently investigating the attack. It appears Pizza Hut may have been hit by a year-long data breach in which millions of customers' payment card details may have been stolen.