Credit & Debit Card Info Collected in Popeyes Data Breach

This week we hear about how a Data Breach at Popeyes Collected Credit & Debit Card Info and how Hackers Set Sights on ElasticSearch Servers.

Breach

Popeyes Reports Data Breach

A recent security breach may have compromised customers who used their debit or credit cards at several Popeyes locations in Texas, North Carolina, and Georgia.

Business consulting company CCC Restaurant Enterprise LLC, which owns the popular chain, released a report full of evidence showing that malicious code infected the company's computer systems between May 5, 2016, and Aug. 18, 2016.

The restaurant is asking customers who believe they have been targeted to "take additional action to further protect against possible identity theft or other financial loss."

References: Data Breach Reported at Houston Area Popeyes | Data Breach Incident in Several Popeyes Restaurants | Data Breach Reported at Houston-Area Popeyes Restaurants

Mitigation Strategies:

  • Log management could detect any suspicious user account activity
  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • Netflow traffic may also reveal large data transfers and potential data leakage
  • Anti-virus would detect file infection on the local host
  • FIM solution would detect any type of file modification or addition
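The netflow item above is the one control in this list that works from traffic volume rather than host state. The following is an added example, not code from the newsletter or from Popeyes: it aggregates outbound bytes per internal host and external destination from constructed flow records, and flags a pair when the destination appears on this issue's suspicious IP list (the six addresses at the end of the page) or when the total exceeds a volume threshold. The internal network range, the threshold and the flow records are all assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Watchlist: the six addresses listed under "This Week's Suspicious IP Addresses".
SUSPICIOUS_IPS = {
    "182.100.67.129", "202.46.5.3", "118.170.130.207",
    "81.183.56.217", "46.109.168.179", "188.118.2.26",
}

# Assumed internal address space; anything outside it is treated as external.
INTERNAL_NET = ip_network("10.20.0.0/16")

# Constructed flow records (src, dst, bytes_out). Not real traffic.
SAMPLE_FLOWS = [
    ("10.20.1.15", "10.20.1.1", 320),            # internal DNS lookup
    ("10.20.1.15", "203.0.113.5", 41_000),       # ordinary outbound HTTPS
    ("10.20.1.22", "188.118.2.26", 950_000),     # POS host -> watchlisted address
    ("10.20.1.22", "188.118.2.26", 1_200_000),
    ("10.20.1.31", "203.0.113.7", 75_000_000),   # large upload to an unknown host
]


def analyze_flows(flows, watchlist=SUSPICIOUS_IPS, volume_threshold=50_000_000):
    """Return findings for (internal src, external dst) pairs worth an analyst's look."""
    totals = defaultdict(int)
    for src, dst, nbytes in flows:
        if ip_address(dst) in INTERNAL_NET:   # east-west traffic is out of scope here
            continue
        totals[(src, dst)] += nbytes

    findings = []
    for (src, dst), total in sorted(totals.items()):
        reasons = []
        if dst in watchlist:
            reasons.append("destination on suspicious IP list")
        if total >= volume_threshold:
            reasons.append(f"{total} bytes outbound exceeds threshold")
        if reasons:
            findings.append({"src": src, "dst": dst, "bytes": total, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in analyze_flows(SAMPLE_FLOWS):
        print(finding)
```

Both findings are aggregated over the whole sample, so the two smaller flows to the watchlisted address surface as one pair with their combined byte count.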

Malware

Hackers Set Sights on ElasticSearch Servers

Following recent cyber attacks on MongoDB, security researchers uncovered over 2,500 ElasticSearch servers affected by ransomware in three days.

ElasticSearch is a Java-based search engine, commonly used by enterprises for information cataloguing and data analysis.

In the recent MongoDB attacks, hackers demanded a ransom and erased data to ensure victims' compliance. In the ongoing ElasticSearch attacks, the cybercriminals demand a ransom of 0.2 Bitcoins.

References: MongoDB Hijackers Move on to ElasticSearch Servers | MongoDB Hackers Set Sights on ElasticSearch Servers With Widespread Ransomware Attacks | MongoDB, ElasticSearch Hackers Now Target Hadoop With Ransomware

Mitigation Strategies:

  • Anti-virus would detect file infection on the local host
  • FIM solution would detect any type of file modification or addition
  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.

This Week's Suspicious IP Addresses

  • 182.100.67.129
  • 202.46.5.3
  • 118.170.130.207
  • 81.183.56.217
  • 46.109.168.179
  • 188.118.2.26

*IP addresses provided by Recorded Future.