Snapchat Employee Falls Victim To ‘Phishing’ Scam

This week, we hear the latest on the Snapchat phishing scam and the evolution of the FighterPOS Malware that is now targeting systems in the United States.

Breach

Snapchat Employee Falls Victim To ‘Phishing’ Scam

On Sunday, Feb. 28, Snapchat disclosed that one of its employees fell victim to a ‘phishing’ scam and leaked sensitive payroll information of current and former employees. The scam email posed as a legitimate message from CEO and co-founder Evan Spiegel requesting payroll information. Snapchat immediately reported the incident to the FBI, has offered 2 years of free identity theft insurance to affected individuals, and plans to strengthen its already rigorous training programs on privacy and security. This is not the first attack Snapchat has dealt with. Over two years ago, usernames and phone numbers of its then 4.6 million users were leaked online. Again in 2014, at least 100,000 media files were leaked over the internet. Snapchat insists that its internal servers were not breached in this most recent attack and assures its users that their information is completely safe.

References: Snapchat employee data leaked following phishing scam | A Snapchat data breach may have compromised employee data | A Snapchat employee emailed coworkers' personal data to an attacker

Mitigation Strategies:

  • Log management could detect any suspicious user account activity. 
  • Access credentials—including security keys—should be managed, stored, and protected securely in accordance with best practice. 

Malware

FighterPOS Malware Has Evolved And Is Now Targeting The US

The FighterPOS malware, first reported in April 2015, now has a new variant. Floki Intruder, the latest variation of FighterPOS, has worm capabilities that allow it to spread from an infected POS system to other POS systems on the same network. This is troublesome for industries like retail and hospitality because the worm capability makes FighterPOS much harder to eradicate from their systems. The malware was first observed affecting only Brazilian businesses, but researchers have noticed that the code has begun to switch from Portuguese to English, suggesting the attackers have expanded beyond Brazil. When FighterPOS was first discovered in April of last year, only about 1% of detected infections occurred in the United States, but that percentage is now up to about 6%. Businesses using POS systems should take this as a prompt to make sure they are adequately protecting their network, employing strict access controls, and segregating the traffic flowing on their network.

References: The new FighterPOS PoS Malware implements worm capabilities | FighterPOS Malware can now spread on its own | FighterPOS Malware gets a worm variant

Mitigation Strategies:

  • A Security Operations Center team provides around-the-clock security monitoring, daily log review, web application firewall management and advanced anomaly detection.
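
As an added illustration of the log review and traffic segregation advice above (not code from the original post or from any vendor it cites), this Python example flags POS terminals that contact several other POS terminals, the east-west pattern a worm-capable variant would produce on a flat network. The POS subnet, the gateway address, the threshold, the log format and the sample records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumptions for illustration only: the POS VLAN and the one in-segment host
# (a payment gateway) that terminals are expected to reach.
POS_SEGMENT = ipaddress.ip_network("10.20.30.0/24")
ALLOWED_PEERS = {ipaddress.ip_address("10.20.30.5")}

# Constructed flow records: timestamp, source, destination, destination port.
# The ports are arbitrary sample values, not a statement about FighterPOS.
SAMPLE_FLOWS = """\
2016-03-01T02:10:04Z 10.20.30.11 10.20.30.5 443
2016-03-01T02:10:09Z 10.20.30.12 10.20.30.5 443
2016-03-01T02:11:30Z 10.20.30.11 10.20.30.12 5000
2016-03-01T02:11:31Z 10.20.30.11 10.20.30.13 5000
2016-03-01T02:11:33Z 10.20.30.11 10.20.30.14 5000
2016-03-01T02:11:40Z 10.20.30.11 10.20.30.12 5000
2016-03-01T02:15:02Z 10.20.30.13 10.20.30.12 5000
2016-03-01T02:16:47Z 10.20.30.14 10.9.0.8 443
truncated or malformed line
"""

def parse_flows(text):
    """Yield (src, dst) address pairs, skipping lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2])
        except ValueError:
            continue

def pos_to_pos_fanout(text, threshold=3):
    """Map each POS source to the distinct POS peers it contacted, keeping
    only sources that reached at least `threshold` peers."""
    peers = defaultdict(set)
    for src, dst in parse_flows(text):
        in_segment = src in POS_SEGMENT and dst in POS_SEGMENT
        if in_segment and src != dst and dst not in ALLOWED_PEERS:
            peers[src].add(dst)
    return {str(s): [str(d) for d in sorted(ds)]
            for s, ds in peers.items() if len(ds) >= threshold}

if __name__ == "__main__":
    for source, contacted in pos_to_pos_fanout(SAMPLE_FLOWS).items():
        print(f"review {source}: contacted POS peers {', '.join(contacted)}")
```

On a properly segregated POS network, terminal-to-terminal traffic should be blocked outright, so running the same check with `threshold=1` doubles as a test that the segmentation rules are holding.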

Top 20 IP Addresses


*IP addresses provided by Recorded Future.