Possible Security Breach at GameStop, WordPress Sites Targeted by Brute Force Attacks

This week, the Alert Logic ActiveIntelligence team highlights GameStop.com's investigation of a possible breach and how home routers are being used to hack WordPress sites.

Breach

GameStop.com Investigating Possible Security Breach

GameStop is advising customers to review payment card statements after a possible security breach. The company says it received notification that information from payment cards used on its website may have been stolen. According to reports, its customers’ data and credit card information showed up for sale online.

The breach reportedly happened between September 2016 and this past February; it compromised customer credit card numbers, names, expiration dates, addresses and card security codes. GameStop says a leading security firm was brought in to investigate the potential breach and says it regrets any concern the situation has caused.

References: Gamestop.com Investigating Possible Breach | GameStop Customers, Beware of a Possible Data Breach | GameStop Investigating Possible Major Online Security Breach

Mitigation Strategies:

  • Web application firewall management and advanced anomaly detection. 
  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies.
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • FIM solution would detect any type of file modification or addition.
  • Encryption: the process of encoding a message or information in such a way that only authorized parties can access it.

Malware

Home Routers Used to Hack WordPress Sites

A group of hackers is hijacking unsecured home routers and using these devices to launch coordinated brute-force attacks on the administration panel of WordPress sites. Once they've gained access, the attackers can guess the password for the page and commandeer the account. According to reports, the routers play a crucial role in this scenario, as they allow hackers to spread their brute-forcing attack over thousands of different IP addresses, avoiding firewalls and their blacklists.

References: Hacked Home Routers are Launching Brute Force Attacks on WordPress Sites | Hacked Home Routers are Trying to Brute Force Their Way into WordPress Websites | Hackers Attacking WordPress Sites via Home Routers

Mitigation Strategies:

  • Web application firewall management and advanced anomaly detection.
  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies.
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • Solid patch management program to quickly mitigate the risk of a vulnerability and secure WordPress.
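
The log review and anomaly detection listed above can target the pattern this item describes: many source addresses, each staying under any per-IP limit. The following is an added example, not code from the original post or from Alert Logic. It assumes web server logs in combined log format and that WordPress answers a failed login with status 200; the function names, thresholds and log lines are constructed for illustration.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# Combined log format: client IP, timestamp, method, path, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def failed_logins(lines):
    """Yield (time, ip) per failed login POST. Assumption: WordPress answers a
    failed login with 200 (form shown again) and a successful one with 302."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        if (method, status) == ("POST", "200") and \
                path.split("?")[0].endswith("/wp-login.php"):
            yield datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip

def per_ip_offenders(lines, per_ip_limit=5):
    """Addresses a classic per-IP threshold would blacklist."""
    counts = Counter(ip for _, ip in failed_logins(lines))
    return {ip for ip, n in counts.items() if n >= per_ip_limit}

def detect_distributed(lines, window=timedelta(minutes=5),
                       min_failures=20, min_sources=10, per_ip_limit=5):
    """Alert when many sources, each below per_ip_limit, fail together."""
    recent, alerts = deque(), []
    for ts, ip in failed_logins(lines):
        recent.append((ts, ip))
        while ts - recent[0][0] > window:
            recent.popleft()
        per_ip = Counter(i for _, i in recent)
        quiet = {i: n for i, n in per_ip.items() if n < per_ip_limit}
        if sum(quiet.values()) >= min_failures and len(quiet) >= min_sources:
            alerts.append({"start": recent[0][0], "end": ts,
                           "failures": sum(quiet.values()), "sources": len(quiet)})
            recent.clear()  # report each burst once
    return alerts

def constructed_log():
    """Constructed sample: 15 sources, two failures each, then one noisy client."""
    row = '{} - - [12/Apr/2017:{}:00:{:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"'
    spread = [row.format(f"203.0.113.{n % 15 + 1}", 10, n) for n in range(30)]
    noisy = [row.format("198.51.100.7", 11, n) for n in range(8)]
    return spread + noisy

if __name__ == "__main__":
    print(per_ip_offenders(constructed_log()), detect_distributed(constructed_log()))
```

On the constructed log the per-IP rule flags only the single noisy client, while the aggregate rule reports the burst spread across 15 addresses.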

This Week's Suspicious IP Addresses

183.214.141.101 113.195.145.13
218.65.30.25 61.177.172.59
116.31.116.46 14.17.66.135

*IP addresses provided by Recorded Future.