Debenhams Flowers Data Breach Affects 26,000 Customers

This week, the Alert Logic ActiveIntelligence team reviews the Debenhams Flowers data breach, which affects 26,000 customers, and the new Persirai botnet, which leaves over 122,000 IoT cameras vulnerable.

Breach

Debenhams Flowers Data Breach Affects 26,000 Customers

Debenhams, a UK retailer, disclosed a recent breach of its Flowers website that compromised the personal data of over 26,000 customers. Payment details, names, and addresses were leaked in a targeted attack on Ecomnova, a third-party e-commerce portal used for the flowers and gifting business. Debenhams released a communication detailing the steps the company has taken since the breach and the steps customers should follow, from staying alert to future phishing attacks to periodically reviewing bank statements.

The breach occurred sometime between February 24 and April 11 and the site has been offline since. Chief executive Sergio Bucher stated that a full investigation had started once the breach was discovered. This case stresses the importance of assessing cybersecurity risk with third-party vendors. Customers of the main site, Debenhams.com, were not affected by this breach.

References: Debenhams Flowers data breach hits 26,000 | Around 26,000 customers affected by Debenhams Flowers data breach | Debenhams Flowers Breached Via Third-Party Provider

 

Mitigation Strategies:

  • A Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • A file integrity monitoring (FIM) solution would detect any type of file modification or addition.
  • Netflow traffic may also reveal large data transfers and potential data leakage.
  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies.
  • Audit the third-party vendors that support your business.

Malware

Persirai botnet leaves over 122,000 IoT cameras vulnerable

A new IoT botnet called Persirai has been discovered. It follows Mirai, the IoT malware that brought down many large internet and online services in October 2016, and it focuses on web-connected cameras. Researchers claimed this new IoT botnet is targeting over a thousand different IP camera models, leaving over 122,000 web-connected cameras vulnerable.

IP cameras are easy to use and to connect, and the Universal Plug and Play (UPnP) protocol makes them highly visible targets for IoT malware. Attackers can access the vulnerable interface on these devices to download and execute malicious shell scripts. Once executed, the malware can delete itself and run only in memory to avoid detection. It can also block the zero-day exploits it uses, which prevents other attackers from hitting the same target.

Researchers are still tracing back the origins of this malware but have found special Persian characters in the code.

References: New Persirai IoT Botnet Emerges | 120,000 IoT cameras vulnerable to new Persirai botnet say researchers | Another IoT botnet has been found feasting on vulnerable IP cameras

Mitigation Strategies:

This Week's Suspicious IP Addresses

203.162.130.67 92.53.119.66
221.194.47.236 134.249.25.250
103.207.37.239 185.145.131.159

*IP addresses provided by Recorded Future.