Kimpton Hotels Investigating Credit Card Breach

This week we hear about Kimpton Hotels investigating a credit card breach and the Delilah trojan being used to recruit insider threat victims.

Breach

Kimpton Hotels Investigating Credit Card Breach

Kimpton Hotels & Restaurants, a nationwide chain of 62 boutique hotels in the United States, is investigating reports of a credit card breach at several of its locations. The company said in a statement that it has hired a security firm to support the investigation.

Last year, Starwood Hotels and Resorts, Hilton Worldwide, Mandarin Oriental and others reported breaches, and Kimpton Hotels is the latest hotel chain added to the list. The source and extent of the breach at Kimpton Hotels are unknown, but in many of these incidents, credit card information was stolen by installing malicious software on the point-of-sale devices at the hotel chains' bars and restaurants.

References: Kimpton Hotels is Investigating a Possible Payment Card Breach | Kimpton Hotels Investigating Payment Card Fraud | Kimpton Hotels Probes Card Breach Claims

Mitigation Strategies:

Malware

Delilah Trojan Used to Recruit Insider Threat Victims

Threat intelligence experts from Diskin Advanced Technologies (DAT) discovered a new trojan dubbed Delilah, designed to target potential insiders by blackmailing them into providing information on their employer. Delilah is delivered to victims who visit adult and gaming sites, and when it successfully infects a machine, it lurks to gather personal information, such as facts about family and workplace. A plug-in is available to enable the hacker to remotely switch on the victim’s webcam and take screenshots at regular intervals.

Delilah is currently buggy, and victims can experience screen freezes or see pop-up error messages.

References: Delilah Malware Secretly Taps Webcam, Blackmails and Recruits Insider Threat Victims | Trojan Delilah Recruits Malicious Insiders Via Extortion | New Delilah Trojan Used to Blackmail Employees, Recruit Insiders

Mitigation Strategies:

  • Anti-virus would detect file infection on the local host
  • FIM solution would detect any type of file modification or addition
  • Mail filtration would scan incoming files and hyperlinks for malicious links or code
  • Web filtration would prevent users from clicking on malicious websites

Top 20 IP Addresses


*IP addresses provided by Recorded Future.