Kwikfit Hacked

Kwikfit, the title sponsor of the prestigious British Touring Car Championship and a well-known household name in car maintenance, was hacked last week.

The company initially told The Register that it had been infected by an unspecified "virus" in its "IT network" over the weekend. The BBC later reported that "malware" was to blame.

So what might have happened?

Well, Kwikfit is being very quiet and keeping the information internal. It does seem that the retail estate has been hit with a form of malware that has rendered the EPOS systems useless, and in today's largely cashless economy that is a problem for any retailer.

I kind of feel sorry for the IT team at Kwikfit. I would imagine, from my own experience, that the team is small, under-resourced and overworked. A common theme among IT teams. There was probably a level of denial from management that enabled malware, if that is what it was, to gain a foothold in the network.

How could it have happened?

The malware could have got into the network in a number of ways. The two most obvious are someone opening an unexpected email attachment, and careless web browsing and application installation.

A more sinister route would be a criminal posing as a customer and using a HID-based attack on the terminal while no one is looking. There have been many times I have been in a Kwikfit and been alone in the office with access to a system.

Why Kwikfit?

What makes Kwikfit such an attractive target is the type of information it holds. It would be safe to say that consumer information and card data would be exfiltrated if possible. People's email addresses along with their car registrations would make wonderful spear-phishing material. But that, of course, assumes this was a targeted attack; it is highly likely that this was opportunistic.

How to stop it happening

Simple: endpoint anti-malware and anti-virus solutions, restricted web browsing, and good levels of security on systems in public areas. I wonder whether Kwikfit ever included its retail stores in a penetration test?
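One concrete form of "good levels of security on systems in public areas" is device control on the till itself: an EPOS terminal should only ever see the keyboard and scanner it was built with, so a new keyboard-class device appearing mid-shift is the signal a defender wants to catch. The script below is an added example written for this post, not code from Kwikfit or from the original article. The log lines are constructed for the example and the field names are its own, loosely modelled on the device-connection events a Windows host records (Security event 6416 reports a newly connected external device with its setup class GUID and hardware ID); the terminal name and USB vendor/product IDs are placeholders.

```python
"""Allowlist check for new input devices on a public-area terminal.

Added example (not from the original post). Constructed device-connection
records are parsed and each is classified as allowed or as an alert.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Windows device setup class GUIDs (these are the real, documented values).
KEYBOARD_CLASS = "{4d36e96b-e325-11ce-bfc1-08002be10318}"
HID_CLASS = "{745a17a0-74d3-11d0-b6fe-00a0c90f57da}"
INPUT_CLASSES = {KEYBOARD_CLASS, HID_CLASS}

# Per-terminal allowlist: the hardware IDs the till shipped with.
# Terminal name and VID/PID values are constructed placeholders.
APPROVED_HARDWARE: dict[str, set[str]] = {
    "TILL-01": {"USB\\VID_1234&PID_0001", "USB\\VID_1234&PID_0002"},
}


@dataclass
class DeviceEvent:
    terminal: str
    user: str
    class_guid: str
    hardware_id: str
    description: str


# Constructed sample log: one device-connection event per line.
SAMPLE_LOG = """\
09:02:11 host=TILL-01 user=till01 class={4D36E96B-E325-11CE-BFC1-08002BE10318} hwid=USB\\VID_1234&PID_0001 desc="Wedge keyboard"
09:02:12 host=TILL-01 user=till01 class={745A17A0-74D3-11D0-B6FE-00A0C90F57DA} hwid=USB\\VID_1234&PID_0002 desc="Barcode scanner"
14:41:07 host=TILL-01 user=till01 class={4D36E96B-E325-11CE-BFC1-08002BE10318} hwid=USB\\VID_5678&PID_0100 desc="USB Keyboard"
14:41:08 host=TILL-01 user=till01 class={4D36E967-E325-11CE-BFC1-08002BE10318} hwid=USB\\VID_5678&PID_0200 desc="Disk drive"
"""

LINE_RE = re.compile(
    r'host=(?P<host>\S+) user=(?P<user>\S+) class=(?P<cls>\{[0-9A-Fa-f-]+\}) '
    r'hwid=(?P<hwid>\S+) desc="(?P<desc>[^"]*)"'
)


def parse_events(log: str) -> list[DeviceEvent]:
    """Parse the constructed log format; malformed lines are skipped, not fatal."""
    events: list[DeviceEvent] = []
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        # GUIDs are case-insensitive, so normalise before comparing.
        events.append(DeviceEvent(m["host"], m["user"], m["cls"].lower(),
                                  m["hwid"], m["desc"]))
    return events


def evaluate(event: DeviceEvent) -> str:
    """Return 'allow' or an alert reason for one device-connection event."""
    approved = APPROVED_HARDWARE.get(event.terminal, set())
    if event.hardware_id in approved:
        return "allow"
    if event.class_guid in INPUT_CLASSES:
        # A second, unknown keyboard on a till is the tell-tale of the
        # HID-based attack the post describes: treat it as the top-priority alert.
        return "alert: unapproved input device"
    return "alert: unapproved device"


def triage(log: str) -> list[tuple[str, str, str]]:
    """Classify every event in the log as (terminal, hardware_id, verdict)."""
    return [(e.terminal, e.hardware_id, evaluate(e)) for e in parse_events(log)]


if __name__ == "__main__":
    for terminal, hwid, verdict in triage(SAMPLE_LOG):
        print(f"{terminal} {hwid}: {verdict}")
```

The two morning events match the till's build list and pass; the afternoon keyboard and disk drive do not, and the keyboard is ranked above the disk because an unexpected input device on a public-area terminal is the case the post is worried about. A terminal with no allowlist entry at all treats every new device as unapproved, which is the safe default for a till that should never be reconfigured in the field.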