Kmart Hit by Another Malware Security Breach

This week, the Alert Logic team highlights New Kmart Breach and how Fireball Malware Infects 250 Million Devices. Read the full report to learn more and get access to the week’s Top Malicious IP addresses.

Breach

Kmart Hit by Another Malware Security Breach

Kmart is fighting a malware security breach of its credit card processing systems, the second cyber attack on the big box retailer in less than three years. Kmart’s parent company, Sears Holdings Corp., released information outlining the malware attack after the company discovered unauthorized credit card activity following certain customer purchases at Kmart stores. The company battled a similar breach in October 2014 where the company stressed that no personal information or data was stolen.

Both attacks involved malware designed to steal credit and debit card data from point-of-sale (POS) systems and then makes copies the data stored on the card’s magnetic strip. The data can then be used to clone the cards to be used for purchases.

References: Sears Announces Kmart Malware Attack | Credit Card Breach at Kmart Stores. Again. | Sears Confirms a Fresh Malware Attack on Kmart

 

 

Mitigation Strategies:

Malware

Fireball Malware Infects 250 Million Devices 

Researchers have discovered a malware infection of staggering scope and destructive potential and it is called “Fireball”. The malware package is believed to have infected more than 250 million computers worldwide and is present on 20% of corporate networks, with major infection centers in India, Brazil, and Mexico.

The malevolent software appears to be mainly intended to generate fake clicks and traffic for its creator, a Beijing advertising firm called Rafotech. When installed, the software redirects a user’s browser to websites that mimic the look of the Google or Yahoo search homepages. The fake pages surreptitiously gather private information about the user using so-called tracking pixels.

References: Fireball Malware Could Spark 'Global Catastrophe' After Infecting 250 Million Computers | After WannaCry, Fireball Malware Infects 250 Million Computers; India Worst Affected | ‘Fireball’ Malware From China Hits 250M Devices

Mitigation Strategies:

  • FIM solution would detect any type of file modification or addition.
  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies.
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • Restore your browser to default settings

This Week's Suspicious IP Addresses

80.93.187.194 213.32.7.73
60.191.38.78 121.18.238.106
124.127.165.237 121.12.61.103

*IP addresses provided by Recorded Future.