Hutton Hotel Breached by Malware for Over 3 Years

This week we hear how Hutton Hotel was breached by malware for over 3 years, and about a new backdoor Trojan variant for Mac.

Breach

Hutton Hotel Breached by Malware for Over 3 Years

Hutton Hotel, a Nashville, Tennessee-based hotel, recently announced that it was affected by a serious point-of-sale (POS) security breach impacting every customer who used a credit or debit card at the hotel since September 2012. The malware was able to capture information such as names, credit and debit card numbers, expiration dates and verification codes of guests who paid or placed a reservation; guests who made purchases at on-site food and beverage outlets may also have been affected. A POS malware infection typically goes undetected for a year or two, but at Hutton Hotel it stayed hidden for over 3 years.

Hutton Hotel is notifying guests impacted by the security incident.

References: Nashville Hotel Suffered POS Breach for Three Years | Hutton Hotel PoS Systems Compromised with Malware for Four Years | Hutton Hotel Warns of Payment Card Breach That Lasted Over 3 Years 

Mitigation Strategies:

  • Intrusion detection system (IDS) signatures would detect the intrusion and network anomalies
  • Log management could detect suspicious user account activity
  • NetFlow traffic may also reveal large data transfers and potential data leakage
  • A file integrity monitoring (FIM) solution would detect any type of file modification or addition
  • A Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
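The NetFlow point above is the one most directly aimed at a long-running card-scraping infection: stolen card data has to leave the network eventually, and a POS terminal's outbound volume is normally small and steady. The following is an added example (not code from the newsletter or from Hutton Hotel) that baselines each internal host's daily outbound bytes to external addresses and flags a day that is far above that host's own history. The flow record format, the 10.20.0.0/16 POS network, the thresholds, and the flow lines themselves are all constructed assumptions for the demonstration.

```python
# Added example: per-host outbound-volume anomaly detection over NetFlow-style
# records. Assumes a flattened CSV export (date,src,dst,dst_port,bytes); real
# collectors differ, so parse_flow() is the only function tied to that format.
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Assumption: the POS segment lives in this range; everything else is "external".
INTERNAL_NETWORKS = [ip_network("10.20.0.0/16")]

# Constructed sample: two POS terminals talking to a payment gateway
# (203.0.113.10) every day, then one of them pushes 25 MB to an unrelated
# external host on 2016-09-03. The 900 MB internal backup on the last line
# must NOT alert, because it never leaves the network.
SAMPLE_FLOWS = """\
2016-09-01,10.20.1.11,203.0.113.10,443,48000
2016-09-01,10.20.1.12,203.0.113.10,443,51000
2016-09-02,10.20.1.11,203.0.113.10,443,52000
2016-09-02,10.20.1.12,203.0.113.10,443,49000
2016-09-03,10.20.1.11,203.0.113.10,443,50000
2016-09-03,10.20.1.11,198.51.100.77,443,25000000
2016-09-03,10.20.1.12,203.0.113.10,443,50500
2016-09-03,10.20.1.12,10.20.5.5,445,900000000
"""


def is_internal(ip):
    """True if the address belongs to one of the monitored internal ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETWORKS)


def parse_flow(line):
    """Parse one constructed CSV flow record into a dict."""
    date, src, dst, port, nbytes = line.strip().split(",")
    return {"date": date, "src": src, "dst": dst, "port": int(port), "bytes": int(nbytes)}


def parse_flows(text):
    return [parse_flow(l) for l in text.splitlines() if l.strip()]


def daily_egress(flows):
    """host -> date -> total bytes sent from an internal host to an external one."""
    totals = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            totals[f["src"]][f["date"]] += f["bytes"]
    return totals


def find_exfil_candidates(flows, factor=10.0, min_bytes=1_000_000):
    """Flag (host, day, bytes, baseline) where a day's egress exceeds both an
    absolute floor and `factor` times the median of that host's earlier days.
    The floor keeps a host that normally sends 1 KB from alerting on 20 KB."""
    alerts = []
    for host, per_day in daily_egress(flows).items():
        days = sorted(per_day)
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]
            if not history:
                continue  # no baseline yet for this host
            baseline = median(history)
            today = per_day[day]
            if today >= min_bytes and today > factor * baseline:
                alerts.append((host, day, today, baseline))
    return alerts


def run_sample():
    """Run the detector over the constructed sample and return its alerts."""
    return find_exfil_candidates(parse_flows(SAMPLE_FLOWS))


if __name__ == "__main__":
    for host, day, sent, base in run_sample():
        print(f"{day} {host}: {sent} bytes egress (baseline {base:.0f})")
```

The per-host median baseline matters more than the absolute numbers: a POS terminal and a backup server have very different normal volumes, and a single global threshold would either miss the terminal or drown in the server's noise. Tuning `factor` and `min_bytes` to the environment, and feeding the alerts into the daily log review, is what turns the NetFlow data into an actual detection.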

Malware

New Backdoor Trojan Variant for Mac

Mokes is a cross-platform backdoor Trojan that specializes in spying capabilities, such as capturing audio and video and taking screenshots every 30 seconds from a victim's machine. Mokes was already known to affect Linux and Windows operating systems, but researchers have recently confirmed that a Mac variant exists with additional capabilities, such as monitoring removable storage and file systems for Office documents (.docx, .doc, .xlsx and .xls files). Once the attacker has infected a Mac device, they can send commands to the Trojan to execute several actions.

The number of malware families targeting Linux and Mac systems has increased over the last several months.

References: Data-Stealing Mac OS X Backdoor Uncovered | What's Behind Backdoor #3? Mac Version of Mokes Malware Follows Linux, Windows Variants | Trifecta Complete: Linux and Windows Backdoor Has a Mac Version as Well

Mitigation Strategies:

  • Anti-virus would detect file infection on the local host
  • A file integrity monitoring (FIM) solution would detect any type of file modification or addition
  • Mail filtration would scan incoming files and hyperlinks for malicious links or code
  • Web filtration would prevent users from reaching malicious websites
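File integrity monitoring appears in both mitigation lists above, for the POS malware at Hutton Hotel and for the Mokes backdoor, because both cases come down to a binary that should not be there or a binary that no longer matches what was installed. The following is an added example (not code from the newsletter or from any FIM product) of the core of that check: hash every file under a monitored root into a baseline, re-hash later, and report what was added, removed or modified. The directory layout, file names and contents in `demo()` are constructed for the demonstration and stand in for a real POS or application directory.

```python
# Added example: minimal file integrity monitoring. Baseline a directory tree
# with SHA-256, then diff a later snapshot against it. In a real deployment
# the baseline is stored off-host (a modified baseline hides a modified file)
# and the check runs on a schedule or from a kernel file-event hook.
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries don't have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file's path (relative to root) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff_baseline(old, new):
    """Compare two snapshots; a hash mismatch on a known path is a modification."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(k for k in old.keys() & new.keys() if old[k] != new[k])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline a fake application directory, then
    alter one file and drop a new one, as an unwanted program would."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"original application binary")
        (root / "config.ini").write_text("gateway=203.0.113.10\n")
        baseline = build_baseline(root)

        # Simulated tampering: the binary is patched and a new file appears.
        (root / "bin" / "app.exe").write_bytes(b"original application binary" + b"\x00" * 16)
        (root / "bin" / "unexpected.dll").write_bytes(b"file not in the baseline")

        return diff_baseline(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind}: {p}")
```

The diff is only as trustworthy as the baseline it is compared against, which is why the baseline should be taken from a known-good install and kept where the monitored host cannot rewrite it. A single unexplained `added` or `modified` entry under an application directory is exactly the kind of event that, reviewed daily, would have shortened a multi-year dwell time.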

Top 20 IP Addresses

81.183.56.217
46.109.168.179
193.111.140.100
188.118.2.26
118.170.130.207
93.184.220.29
80.82.64.64
114.44.192.128
69.195.129.70
31.184.234.173
217.165.0.136
192.3.150.196
74.208.167.253
72.241.207.62
77.138.205.139
117.218.187.28
200.123.152.97
24.139.216.168
88.148.36.4
86.98.69.232

*IP addresses provided by Recorded Future.