Hackers turned on the Ukrainian anthem at Pravda Coffee network points

The IT infrastructure of the Pravda Coffee network was attacked by hackers. Attackers hacked into the coffee shop system and turned on the anthem of Ukraine. The attack was carried out on August 24 and affected several points. This was told to Vedomosti by a source close to the network. Information about the hacker attack was confirmed by a representative of Pravda Coffee. He declined further comment.

Most trade and catering establishments provide guests with open access to the Internet, says a Vedomosti source who knows about the hacker attack on coffee shops. He explains that WiFi routers in such companies are often part of the enterprise’s internal network, which ensures the operation of all devices and components, from checkout points to security systems. And if information security requirements are neglected, this can lead to hacker attacks on equipment and databases, as well as to accidental infection of the network with viruses or spyware from guest devices, says the source of Vedomosti.

According to him, such risks can be leveled by at least delimiting individual network segments into virtual subnets (VLANs), or better, by using professional equipment (switches and routers). At the same time, there is no need to make a separate physical network, it is enough to create a virtual subnet and differentiate access for both devices and users, the source explained.

In the HoReCa segment, apart from large networks, there is not always an understanding of the need to hire cybersecurity specialists, confirms Cisco information security consultant Alexey Lukatsky. Typically, this function is performed by a general IT specialist, he laments.

In addition to video surveillance, stereo systems in restaurants and shops are also vulnerable. Music is played, as a rule, through online playlists, lawyer Alexander Korolev points out. To play, you need access to the Internet, a connection to a streaming service, which means that there are risks of hacker attacks, he notes.

Protection against such attacks can be multi-level, explains Lukatsky. And the point here is not that the access points were the same for guests and employees, but that they were not configured properly, he believes. The problem, according to him, is the lack of access monitoring from the guest segment to the office segment. “Perhaps the password of one of the employees was also stolen, and if there was no multi-factor authentication, then the hacker could easily impersonate another,” Lukatsky argues.

It is possible to protect the infrastructure from such attacks by reconfiguring access points, multi-factor authentication, enabling WPA2 / WPA3 protection mechanisms (encryption methods), internal segmentation and differentiation of access rights within the infrastructure, lists Lukatsky.

“These are all basic and often built-in, that is, free, protection mechanisms,” he notes. – But solutions for monitoring network anomalies, wireless attacks, unauthorized actions already cost money. That is, compliance with basic information security will already significantly increase the level of information security for public catering enterprises.