Massive WWE Leak Exposes 3 Million Wrestling Fans

This week, the Alert Logic team highlights the WWE breach and a new point-of-sale malware family. Read the full report to learn more and get access to the week’s Top Malicious IP addresses.

Breach

Massive WWE Leak Exposes 3 Million Wrestling Fans

A security breach at WWE exposed personal information of 3 million users. According to reports, the sports entertainment company stored key personal information, including addresses, educational background, earnings and ethnicity, on an unsecured server that anyone could’ve accessed.

The data was sitting on an Amazon Web Services S3 server without username or password protection. It's likely the database was misconfigured by WWE or an IT partner. A WWE spokesperson said the firm was working to determine the cause of the leak.

References: Massive WWE Leak Exposes 3 Million Wrestling Fans' Addresses, Ethnicities And More | WWE Data Breach Exposes 3 Million Accounts | WWE Issues Statement on Security Breach Exposing Fans’ Personal Information

Blog: WWE Breach Highlights Need for Better Cloud Security

Mitigation Strategies:

  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies.
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • FIM solution would detect any type of file modification or addition.
  • Log management could detect any suspicious user account activity.

Malware

New Point-of-Sale Malware Hitches Ride with FlokiBot

A once-dormant command-and-control server for FlokiBot has woken up and begun to distribute a new point-of-sale (PoS) malware family. The new threat, which security researchers call "LockPoS," uses run keys in the Windows Registry to achieve persistence before communicating with its command-and-control server over HTTP.

PoS malware gangs are always developing new strains to target businesses' point-of-sale terminals. 

References: LockPoS Point of Sale Malware Emerges | LockPos, The New Point-of-Sale Malware | New PoS Malware LockPoS Emerges in the Threat Landscape

Mitigation Strategies:

  • FIM solution would detect any type of file modification or addition.
  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies.
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • Log management could detect any suspicious user account activity and collect system logs of USB activity.

This Week's Suspicious IP Addresses

107.180.56.147 222.27.187.129
221.0.171.162 141.134.128.017
60.191.210.58 117.34.80.240

*IP addresses provided by Recorded Future.