Eddie Bauer Hit with POS Data Breach

This week we hear about how Eddie Bauer was hit with a POS data breach and how a Trojan uses TeamViewer to spy on PCs in Europe, Russia and the US.

Breach

Eddie Bauer Hit with POS Data Breach

The outdoor clothing retailer Eddie Bauer was the latest victim of point-of-sale malware that stole credit card information. Eddie Bauer has admitted that 350 of its stores in the US and Canada may have been affected by the attack. The notice states that cardholder names, payment card numbers, security codes and expiration dates may have been extracted by the malware, but purchases made through its online retail services were not affected.

References: Eddie Bauer POS Systems Hit with Malware | Eddie Bauer Confirms Payment Card Breach of US, Canadian Stores | Eddie Bauer Is Latest Retailer Infected With Data Breach Malware

Mitigation Strategies:

  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies
  • Log management could detect any suspicious user account activity
  • Vulnerability scanner to identify any potential vulnerabilities in the environment
  • Netflow traffic may also reveal large data transfers and potential data leakage
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection. 

Malware

Trojan Uses TeamViewer to Spy on PCs in Europe, Russia and US

Earlier versions of this Trojan exist, such as BackDoor.TeamViewer.49, but they only allowed attackers to spy on traffic by downloading a malicious library that is installed on the target machine. The latest version uses the TeamViewer application itself to spy on the victim, and also steals information by having the Trojan load a malicious library that has the same name as one TeamViewer would normally load, and by disabling any error messages that appear.

The geographical areas the Trojan is targeting seem to be shifting. For example, it was targeting systems in Britain and Spain, but it is now moving to the US in August. Additionally, there have been reports of it in Russia.

References: TeamViewer Trojan Makes it Spy on You | Backdoor Trojan Uses TeamViewer Components to Spy on PCs in Europe, Russia, US | Trojan Affecting TeamViewer Comes Knocking on European and US Doors

Mitigation Strategies:

  • Anti-virus would detect file infection on the local host
  • FIM solution would detect any type of file modification or addition
  • Netflow traffic may also reveal large data transfers and potential data leakage 
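The FIM item above, applied to the Trojan's habit of placing a same-named library beside the application, as an added example that is not from the original article. The function names, file names and temporary folders are hypothetical and constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

LIB_SUFFIXES = {".dll"}  # library files an application loads from its own folder

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def snapshot(app_dir: Path) -> dict:
    """Baseline: lower-cased library file name -> SHA-256, taken from a known-good install."""
    return {p.name.lower(): sha256_of(p)
            for p in app_dir.iterdir()
            if p.is_file() and p.suffix.lower() in LIB_SUFFIXES}

def audit(app_dir: Path, baseline: dict, system_dir: Path) -> list:
    """Return (finding, name) pairs for libraries that differ from the baseline."""
    system_names = {p.name.lower() for p in system_dir.iterdir() if p.is_file()}
    current = snapshot(app_dir)
    findings = []
    for name, digest in sorted(current.items()):
        if name not in baseline:
            # A new library named like a system one can be loaded in its place.
            kind = "added-shadows-system" if name in system_names else "added"
            findings.append((kind, name))
        elif baseline[name] != digest:
            findings.append(("modified", name))
    findings += [("removed", n) for n in sorted(baseline) if n not in current]
    return findings

def demo() -> list:
    """Constructed sample: temp folders stand in for the app and system directories."""
    with tempfile.TemporaryDirectory() as tmp:
        app, system = Path(tmp, "app"), Path(tmp, "system")
        app.mkdir()
        system.mkdir()
        (app / "app_core.dll").write_bytes(b"vendor library v1")
        (system / "sample_sys.dll").write_bytes(b"genuine system library")
        baseline = snapshot(app)
        # Simulated changes after the baseline was taken:
        (app / "Sample_Sys.dll").write_bytes(b"unexpected copy")  # name matches a system library
        (app / "app_core.dll").write_bytes(b"vendor library v1 patched")
        return audit(app, baseline, system)

if __name__ == "__main__":
    print(demo())
```

A legitimate software update also reports as "modified", so the baseline should be retaken after each approved update.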

Top 20 IP Addresses


*IP addresses provided by Recorded Future.