Arby's Breached: Hackers Steal Credit Card Information

This week we hear about how Hackers Stole Credit Card Information From Thousands of Arby’s Customers and how AthenaGo RAT Malware Attacks Windows Computers.

Breach

Hackers Stole Credit Card Information from Thousands of Arby’s Customers

Hackers have stolen customer credit card information from an unknown number of Arby’s restaurants. According to cyber-security reports, the fast food chain discovered in mid-January that it suffered a data breach that affected a number of Arby’s corporate restaurants. 

The data breach affected some of Arby’s roughly 1,000 corporate restaurants, and none of its franchise restaurants operated by third parties, the report said. Over 350,000 credit and debit card accounts may have been impacted by the hack. Arby’s said that its customers should check their credit card statements for any unauthorized payments.

References: Arby’s Warns It Has Suffered a Massive Security Breach | Hackers Stole Credit Card Information From Thousands of Arby’s Customers | Arby's Hit with POS Breach, 1,100 Stores Possibly Affected

Mitigation Strategies:

  • Log management could detect any suspicious user account activity
  • Intrusion detection system (IDS) signatures would detect intrusions and network anomalies
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management, and advanced anomaly detection
  • Netflow traffic may also reveal large data transfers and potential data leakage
  • E-mail filtering would scan incoming files and hyperlinks for any malicious links or code

Malware

AthenaGo RAT Malware Attacks Windows Computers

Computer experts detected a new dangerous malware threat known as the AthenaGo Remote Access Trojan (RAT). This is a virus that mainly targets Microsoft Windows users, and it uses the Tor2Web service, which acts as a proxy connection to the C&C servers hosted on the Tor anonymity network.

AthenaGo RAT also features the capability to download and run additional binaries on infected systems when instructed to do so by an attacker. The malware was written using the Go programming language. Windows-based malware written in Go is not commonly seen in the wild. Additionally, the command and control (C2) communications used by the malware made use of Tor2Web proxies, which is part of a trend of increased reliance on these proxying services by various malware authors.

References: Go RAT, Go! AthenaGo points “TorWords” Portugal | AthenaGo RAT Uses Tor2Web Proxy System to Hide C&C Server | AthenaGo RAT Malware Strikes Windows Computers

Mitigation Strategies:

  • FIM solution would detect any type of file modification or addition
  • Intrusion detection system (IDS) signatures would detect intrusions and network anomalies
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management, and advanced anomaly detection
  • Log management could detect any suspicious user account activity
  • Mail filtering would scan incoming files and hyperlinks for any malicious links or code
  • Web filtration to prevent users from clicking on malicious websites
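A defender-side example added here, not code from the newsletter or from the cited reports: it scans Squid-style proxy access-log lines for connections to Tor2Web gateways that front an onion address, which is the footprint the AthenaGo C2 traffic described above would leave in web-proxy or log-management data. The gateway suffix list, the log format and the sample lines are constructed assumptions; the onion label in the sample is made up.

```python
import re
from typing import List, Optional, Tuple

# Assumption: illustrative Tor2Web gateway domains, not an exhaustive or maintained feed.
TOR2WEB_SUFFIXES = ("onion.to", "onion.cab", "onion.link", "onion.city", "tor2web.org")

# v2 onion addresses are 16 base32 characters, v3 are 56; both use a-z and 2-7.
ONION_LABEL = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})$")

# Assumed Squid access.log layout: "<ts> <elapsed> <client> <result> <bytes> <method> <url> ..."
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+\S+\s+(?P<client>\S+)\s+\S+\s+\S+\s+(?P<method>\S+)\s+(?P<url>\S+)")


def extract_host(url: str) -> str:
    """Return the lowercase hostname from an http(s) URL or a CONNECT host:port target."""
    host = re.sub(r"^[a-z]+://", "", url.lower(), count=1)
    host = host.split("/", 1)[0]
    return host.rsplit(":", 1)[0] if ":" in host else host


def tor2web_target(host: str) -> Optional[Tuple[str, str]]:
    """If host looks like <onion-label>.<gateway>, return (onion_label, gateway)."""
    for suffix in TOR2WEB_SUFFIXES:
        if host.endswith("." + suffix):
            label = host[: -len(suffix) - 1].split(".")[-1]
            if ONION_LABEL.match(label):  # only flag real onion labels, not the gateway's own pages
                return label, suffix
    return None


def find_tor2web_hits(lines: List[str]) -> List[dict]:
    """Parse each log line and report clients reaching an onion service through a Tor2Web gateway."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip blank or malformed lines
        t = tor2web_target(extract_host(m["url"]))
        if t:
            hits.append({"ts": m["ts"], "client": m["client"], "onion": t[0] + ".onion", "gateway": t[1]})
    return hits


# Constructed sample log lines: normal browsing, a CONNECT to an onion service via onion.to,
# and a visit to the gateway front page (which should not be flagged).
SAMPLE_LOG = [
    "1486652400.123 45 10.0.0.21 TCP_MISS/200 512 GET http://www.example.com/index.html - DIRECT/93.184.216.34 text/html",
    "1486652405.456 120 10.0.0.37 TCP_TUNNEL/200 2048 CONNECT abcdefghijklmnop.onion.to:443 - DIRECT/198.51.100.5 -",
    "1486652410.789 30 10.0.0.21 TCP_MISS/200 1024 GET http://www.onion.to/ - DIRECT/198.51.100.5 text/html",
]

if __name__ == "__main__":
    for hit in find_tor2web_hits(SAMPLE_LOG):
        print(hit)
```

A hit identifies the internal client and the onion address it reached, which is the pivot point for host triage and for a web-filter block on the gateway domains.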

This Week's Suspicious IP Addresses

218.65.30.46 117.21.224.127
202.109.143.115 121.248.150.13
222.186.168.155 46.109.168.179

*IP addresses provided by Recorded Future.