US-based clothing retailer Forever 21 is investigating a potential data breach after receiving a third-party tip on Tuesday that data had been accessed without authorization at a number of its outlets. A cyber forensics firm working with the retailer on the investigation traced the problem to a deployment issue from 2015: when the company rolled out encryption and improved security systems to its stores, some locations had not yet brought those controls fully into operation, and compromise may have taken place during that gap.
The company is continuing its investigation, focusing on in-store transactions made from March to October of this year. Customers have been advised to watch for any unexpected banking and credit card activity.
Spotted by IBM X-Force Research back in September, the IcedID banking trojan has been targeting financial institutions including banks, payment card providers, mobile service providers, and e-commerce sites. Like the Zeus, Gozi, and Dridex banking trojans, IcedID manipulates victims' sessions using both redirection and web injection, but it does not borrow code from any of them.
IcedID is delivered via the EMOTET botnet infrastructure, one of the most notable malware distribution methods of 2017. Once a user opens their internet browser, a configuration file listing the trojan's targets is downloaded from a C&C server. IcedID then sets up a local proxy listening on port 49157, which funnels the browser's web traffic to a fake site in order to collect user credentials. These pages mimic the look and feel of legitimate banking websites, displaying the correct URLs and SSL certificates.
Multilayered security solutions can stop IcedID, since the trojan lacks anti-virtual-machine and anti-research techniques.
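The local-proxy redirection described above leaves a host-side trace a defender can look for: a loopback listener on port 49157 and browser processes whose connections go to that listener instead of out to the web. The following is an added detection example, not code from the article or from Alert Logic; the netstat-style records, PIDs and process names are constructed for illustration.

```python
"""Flag the IcedID local-proxy pattern: a loopback listener on TCP 49157 plus
browser processes connected to it. Example code added for illustration; the
input below is constructed in the shape of `netstat -ano` output, not real data."""
import re
from typing import Dict, List

ICEDID_PROXY_PORT = 49157  # port named in the article
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe"}

# Constructed records (proto, local, remote, state, pid). Values are invented.
SAMPLE_NETSTAT = """\
TCP    127.0.0.1:49157        0.0.0.0:0              LISTENING       4120
TCP    127.0.0.1:51022        127.0.0.1:49157        ESTABLISHED     2288
TCP    192.168.1.10:51030     93.184.216.34:443      ESTABLISHED     2288
TCP    127.0.0.1:51040        127.0.0.1:49157        ESTABLISHED     3104
"""
# Constructed PID-to-image map, as `tasklist` would supply it.
SAMPLE_PIDS = {4120: "svchost.exe", 2288: "chrome.exe", 3104: "outlook.exe"}

LINE_RE = re.compile(r"^TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)$")

def parse_netstat(text: str) -> List[dict]:
    """Parse TCP rows of netstat -ano style output into dicts; skip anything else."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        laddr, lport, raddr, rport, state, pid = m.groups()
        rows.append({"laddr": laddr, "lport": int(lport), "raddr": raddr,
                     "rport": int(rport), "state": state, "pid": int(pid)})
    return rows

def find_local_proxy(rows: List[dict], pid_names: Dict[int, str],
                     port: int = ICEDID_PROXY_PORT) -> Dict[str, object]:
    """Report loopback listeners on `port` and browsers connected to them.
    Note: 49157 sits inside the Windows dynamic port range, so a listener there
    is only weak evidence on its own; the browser-to-loopback link is what matters."""
    listeners = [r["pid"] for r in rows if r["state"] == "LISTENING"
                 and r["lport"] == port and r["laddr"].startswith("127.")]
    browser_clients = sorted({r["pid"] for r in rows
                              if r["raddr"].startswith("127.") and r["rport"] == port
                              and pid_names.get(r["pid"], "").lower() in BROWSERS})
    return {"listener_pids": listeners, "browser_client_pids": browser_clients,
            "suspicious": bool(listeners) and bool(browser_clients)}
```

In the constructed sample, only chrome.exe (PID 2288) counts as a browser client; outlook.exe also talks to the listener but is not a browser, so it is left out of the finding.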
*IP addresses provided by Recorded Future.