Chipotle's Payment System Breached

This week, the Alert Logic ActiveIntelligence team highlights how Chipotle's Payment System Was Hacked and how a New Variant of Ransomware XPan Was Found.

Breach

Chipotle's Payment System Was Hacked

Mexican fast food chain Chipotle announced Tuesday that its customer payment system had been breached. In a statement on the company's website, Chipotle said it detected "unauthorized activity" on the system. Officials are focusing on credit card transactions that occurred from March 24, 2017, to April 18, 2017.

The restaurant added that the breach has been stopped and additional security measures have been added, though the investigation is ongoing. Chipotle encouraged customers to monitor their card activity.

References: Chipotle Says Payment System was Hacked | Chipotle Payment System Hacked | Chipotle Says Its Payments System Was Hacked

 

Mitigation Strategies:

Malware

New Variant of Ransomware XPan was Found

A new variant of the Ransomware XPan is targeting small to medium-sized businesses primarily located in Brazil. Harvesting victims via weakly protected RDP (remote desktop protocol) connections, criminals are manually installing the ransomware and encrypting any files which can be found on the system.

Interestingly, this XPan variant is not necessarily new in the malware ecosystem. However, someone has chosen to keep on infecting victims with it, encouraging security researchers to hunt for samples related to the increasing number of incident reports.

References: Original XPan Ransomware Returns, Targets Brazilian SMBs | XPan Ransomware | XPan, I Am Your Father

Mitigation Strategies:

  • FIM solution would detect any type of file modification or addition.
  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies.
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • Log management could detect any suspicious user account activity.
  • Anti-virus would detect file infection on the local host

This Week's Suspicious IP Addresses

183.60.48.25 113.108.21.16
191.96.249.97 221.0.171.162
72.51.50.172 59.45.175.62

*IP addresses provided by Recorded Future.