Hilton hack, POS threats and supply security chain risks

Towards the end of November, Hilton Worldwide issued an official statement admitting that it had “identified and taken action to eradicate unauthorized malware that targeted payment card information in some point-of-sale systems.” We don’t know, at this point in time, whether this was in any way linked to the ModPOS malware threat, which has been described by researchers as “the most sophisticated point-of-sale malware we have seen,” but it does raise the question of supply chain security risks. What we do know, however, is that the malware which was involved in the Hilton Worldwide breach appears to have targeted point of sale (POS) terminals situated inside of franchised restaurants, gift shops and coffee bars within the impacted Hilton hotel properties. If this attack proves anything, then it proves the old adage that your strongest security measures are only as strong as the weakest link in your supply and partner chain.