Friday Five: 9/29 Edition
It's Friday! Catch up on the latest infosec news with our weekly roundup.
1. Watch out: These phishing emails claiming to be a 'secure message' from your bank by Danny Palmer
Another day, another phishing scam. Opportunistic miscreants are now sending spoofed emails that claim to contain documentation relating to a secure message, masquerading as large banks such as Bank of America and TD Commercial Banking. It is a clever ruse, because lucrative targets often manage their banking affairs through a bank's secure messaging portal rather than visiting a branch or speaking over the phone. Barracuda Networks’ research team, which discovered the campaign, reports that the miscreants have been registering fake domains that look legitimate and using the spoofed secure message to lure users to their site. The message asks users to download an attachment that carries a malicious payload. Some cybercriminals have gone one step further and supply a code to unlock the “secure document”, maintaining the façade of a genuine secure message. Once the malware installs and infects the device, the cybercriminals can do various things, including stealing sensitive credentials or encrypting files for ransom.
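The ruse above depends on a sender domain that merely resembles the bank's real one. The following is an added example, not code from the original article or from Barracuda, showing one way a mail gateway could flag such senders: it folds common digit-for-letter substitutions, measures edit distance against a list of trusted domains, and catches the bank's name embedded in an unrelated domain. The trusted-domain list and the sample `From:` headers are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Constructed list of domains treated as genuine for these banks (illustrative, not authoritative).
TRUSTED_DOMAINS = {"bankofamerica.com", "td.com"}

# Substitutions commonly used to fake a familiar name; longer keys are applied first.
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s", "7": "t"}


def fold_homoglyphs(name):
    """Replace look-alike characters so 'bank0famerica' compares equal to 'bankofamerica'."""
    for fake, real in sorted(HOMOGLYPHS.items(), key=lambda kv: -len(kv[0])):
        name = name.replace(fake, real)
    return name


def levenshtein(a, b):
    """Classic edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain):
    """Last two labels of the domain. Simplification: a real gateway would use the
    public suffix list so that e.g. 'td.co.uk' is handled correctly."""
    parts = domain.lower().strip(".").split(".")
    return ".".join(parts[-2:])


def classify_sender(from_header):
    """Return (verdict, matched_domain) where verdict is one of
    'trusted', 'lookalike', 'unknown' or 'invalid'."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("invalid", None)
    domain = addr.rsplit("@", 1)[1].lower()
    reg = registrable(domain)
    if reg in TRUSTED_DOMAINS:
        return ("trusted", reg)
    folded = fold_homoglyphs(reg)
    for trusted in sorted(TRUSTED_DOMAINS):
        brand = trusted.split(".")[0]
        # Short trusted names would match too much at distance 2, so scale the threshold.
        max_dist = 2 if len(trusted) >= 10 else 1
        if folded == trusted or levenshtein(folded, trusted) <= max_dist:
            return ("lookalike", trusted)
        # Brand name used as a subdomain or prefix of some other registrable domain.
        if len(brand) >= 5 and brand in domain:
            return ("lookalike", trusted)
    return ("unknown", reg)


# Constructed sample headers in the style of the campaign described above.
SAMPLE_HEADERS = [
    "Bank of America <alerts@bankofamerica.com>",
    "Secure Message <docs@bank0famerica.com>",
    "Secure Message <docs@bankofamerica-securemail.com>",
    "Secure Message <docs@secure.bankofamerica.com.example.net>",
    "Secure Message <docs@bankofamerca.com>",
    "Newsletter <news@example.org>",
]

if __name__ == "__main__":
    for hdr in SAMPLE_HEADERS:
        print(f"{classify_sender(hdr)[0]:<10} {hdr}")
```

Only the first header is accepted as genuine; the next four are flagged as look-alikes by three different rules (homoglyph folding, edit distance, embedded brand), and the last is simply unknown. A verdict of `lookalike` is a reason to quarantine or strip attachments, not proof of malice on its own.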
Sonic Drive-In, which has nearly 3,600 stores across 45 U.S. states, has acknowledged a security incident affecting an unidentified number of credit and debit cards across the country, which were being resold on the cybercriminal underground for profit. As of right now, Sonic is still investigating and does not know how many stores were affected. According to Krebs, “the accounts apparently stolen from Sonic are part of a batch of cards that Joker’s Stash is calling ‘Firetigerrr,’ and they are indexed by city, state and ZIP code.” This is of particular interest because cybercriminals can buy cards from, and use them in, the same geographical area, thereby avoiding fraud-detection monitoring, which often flags transactions on potentially compromised cards when they are used outside the cardholder’s state or country. This isn’t the first time we’ve seen a fast food chain targeted, as Wendy’s was a previous victim, and POS devices in the U.S. remain far more vulnerable to compromise than those in other countries.
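The geographic rule mentioned above is blind to cards used in their home area, which is exactly what ZIP-indexed card batches make easy. As an added example (not part of the original article, and not any bank's actual fraud logic), the script below runs a home-state check and a complementary velocity rule over a constructed set of transactions; the thresholds are assumptions chosen for the demonstration.

```python
from datetime import datetime, timedelta

# Constructed cardholder profile and transaction log (no real data).
CARDHOLDER = {"card": "****1234", "home_state": "OK", "home_zip": "73102"}

TRANSACTIONS = [
    # (timestamp, merchant, state, zip, amount_usd)
    ("2017-09-27T08:12:00", "Drive-in restaurant", "OK", "73102", 7.45),
    ("2017-09-27T08:40:00", "Gas station",         "OK", "73108", 38.10),
    ("2017-09-27T09:02:00", "Electronics store",   "OK", "73112", 412.00),
    ("2017-09-27T09:15:00", "Gift cards",          "OK", "73112", 200.00),
    ("2017-09-27T09:21:00", "Gift cards",          "OK", "73112", 200.00),
    ("2017-09-27T12:05:00", "Online retailer",     "CA", "94105", 55.00),
]


def _ts(tx):
    return datetime.fromisoformat(tx[0])


def geo_rule(tx, holder):
    """The rule the article describes: flag use outside the cardholder's home state."""
    return tx[2] != holder["home_state"]


def velocity_rule(txs, idx, window=timedelta(hours=1), max_count=4, max_spend=500.0):
    """Assumed complementary rule: too many transactions, or too much spend,
    inside a sliding window that ends at txs[idx]. Catches in-area abuse the
    geographic rule misses."""
    end = _ts(txs[idx])
    recent = [t for t in txs[: idx + 1] if end - _ts(t) <= window]
    return len(recent) >= max_count or sum(t[4] for t in recent) >= max_spend


def geo_only_alerts(txs, holder):
    return [tx for tx in txs if geo_rule(tx, holder)]


def score_transactions(txs, holder):
    """Return (timestamp, merchant, reasons) for every transaction that trips a rule."""
    alerts = []
    for i, tx in enumerate(txs):
        reasons = []
        if geo_rule(tx, holder):
            reasons.append("out-of-state")
        if velocity_rule(txs, i):
            reasons.append("velocity")
        if reasons:
            alerts.append((tx[0], tx[1], reasons))
    return alerts


if __name__ == "__main__":
    print("geo rule alone flags", len(geo_only_alerts(TRANSACTIONS, CARDHOLDER)), "transaction(s)")
    for when, merchant, reasons in score_transactions(TRANSACTIONS, CARDHOLDER):
        print(when, merchant, ", ".join(reasons))
```

The geographic rule alone raises a single alert (the out-of-state purchase), while the three in-state purchases between 09:02 and 09:21 sail through; the velocity rule catches the last two of them because the one-hour spend and transaction count cross the assumed limits.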
The business impact of data breaches is becoming more material, and Sonic is another proof point this week. After Brian Krebs broke the news that Sonic Drive-In credit cards were being resold in the cybercriminal underground, Sonic’s stock price dropped, with shares falling at least 4.4% to $23.52, the company’s biggest drop since August 8, according to Bloomberg. As of right now, Sonic has not disclosed how many credit cards were compromised, which is not surprising given that the investigation is still ongoing. Sonic is not the first company hit by cybercriminals targeting POS devices; Chipotle was also a victim earlier this year.
On Thursday, Whole Foods, which was recently acquired by Amazon, stated that it suffered a data breach affecting customer credit card numbers at the taprooms and full-table-service restaurants located in some of the chain’s stores. Once again, POS systems were the attackers’ target; however, the targeted POS systems were not connected to the main checkout POS systems used in stores, so checkout systems were not affected in this attack. In addition, Amazon’s payment systems are not connected with Whole Foods’, so Amazon purchases were not affected either. According to Whole Foods, the investigation into the compromised POS systems is still ongoing.
Everyone is told to “install the latest security updates” on their computers, but what if you are updating your software and still can’t fully secure your device? That is what researchers from Duo Security discovered on Macs: Apple’s updates were leaving out necessary firmware updates on some of the computers Duo tested, especially older Macs. This is particularly concerning because firmware runs with very high privilege; an attacker who can exploit it can take control of the entire device and potentially reach any network the computer can. Duo notified Apple of the firmware update issue, and Apple responded positively, noting that it is always exploring ways to make its systems more secure. On Monday, Apple announced that its newest operating system, macOS 10.13 (High Sierra), will check a computer’s firmware weekly.
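Until that weekly check exists on every Mac in a fleet, the gap Duo found can be spotted by inventory: compare each machine's reported Boot ROM version with the build its model should be running. The script below is an added example (not Duo's tooling, not Apple's, and not from the original article). It assumes a report in the shape of `system_profiler SPHardwareDataType` output; the excerpt, the expected-version table and the version-ordering rule are all constructed for the demonstration.

```python
import re

# Constructed excerpt in the shape of `system_profiler SPHardwareDataType` output; values are made up.
SAMPLE_REPORT = """Hardware:

    Hardware Overview:

      Model Name: MacBook Pro
      Model Identifier: MacBookPro11,1
      Processor Name: Intel Core i5
      Boot ROM Version: MBP111.0138.B17
      SMC Version (system): 2.16f68
"""

# Constructed table of the firmware build each model is expected to run. A real deployment
# would maintain this from vendor release data rather than hard-code it.
EXPECTED_EFI = {
    "MacBookPro11,1": "MBP111.0138.B25",
    "iMac14,1": "IM141.0118.B12",
}

FIELD_RE = re.compile(r"^\s*(Model Identifier|Boot ROM Version):\s*(.+?)\s*$", re.MULTILINE)
EFI_RE = re.compile(r"^([A-Z0-9]+)\.(\d+)\.([A-Z])(\d+)$")


def parse_report(text):
    """Pull the model identifier and Boot ROM version out of the report text."""
    fields = dict(FIELD_RE.findall(text))
    return fields.get("Model Identifier"), fields.get("Boot ROM Version")


def efi_key(version):
    """Split 'MBP111.0138.B25' into (family, (build, rev_letter, rev_number)).
    Ordering assumption for this example: a higher build number, then a later
    revision letter and number, means newer firmware."""
    m = EFI_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised firmware version string: {version!r}")
    family, build, rev_letter, rev_num = m.groups()
    return family, (int(build), rev_letter, int(rev_num))


def check_firmware(report_text, expected=EXPECTED_EFI):
    """Classify one machine as current, outdated, family-mismatch, unknown-model or unparseable."""
    model, version = parse_report(report_text)
    result = {"model": model, "installed": version, "expected": None, "status": None}
    if model is None or version is None:
        result["status"] = "unparseable"
        return result
    want = expected.get(model)
    result["expected"] = want
    if want is None:
        result["status"] = "unknown-model"
        return result
    have_family, have_rev = efi_key(version)
    want_family, want_rev = efi_key(want)
    if have_family != want_family:
        # Firmware string from a different model family: worth a closer look, not just an update.
        result["status"] = "family-mismatch"
    elif have_rev < want_rev:
        result["status"] = "outdated"
    else:
        result["status"] = "current"
    return result


if __name__ == "__main__":
    r = check_firmware(SAMPLE_REPORT)
    print(f"{r['model']}: installed {r['installed']}, expected {r['expected']} -> {r['status']}")
```

Run against the sample, the MacBookPro11,1 reports `outdated`, which is the condition Duo described: the OS is fully patched but the EFI build lags the one the model should carry. Machines whose model is missing from the table are reported separately rather than silently passed.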