TuneCore Database Breached, Offers Identity Theft Protection

This week, we hear the latest on the TuneCore database breach and a stealthy payment card malware that is part of the “Nemesis” family.

Breach

Online music distributor breached, offers identity theft protection

TuneCore, an online music distributor and record label service, was breached on or near December 3. Officials at TuneCore advised that music files were not stolen; however, personal details of customers including names, taxpayer IDs, social security numbers, mailing addresses, account numbers and passwords may have been compromised.

TuneCore stated that they are “working closely with federal law enforcement investigators. At this time, no individual person or entity has been identified as the attacker.”

The company claims that customer financial information is not fully stored in the system and is offering users 12 months of free identity theft protection services within the United States. They have also secured all databases and shut off public access.

TuneCore encourages users to change their passwords, keep tabs on their bank and credit card transactions, and report any unusual activity.

References: TuneCore Database Hacked, Personal Customer Data Stolen | TuneCore Hack Clean-Up Continues; Free Identity Protection Offered to Users


Mitigation Strategies:

  • Network traffic analysis to detect data exfiltration
  • 24x7 Security Monitoring to provide anomaly detection
  • Log management to capture the attacker's external IP addresses, provided logging is configured before the incident
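The log-management mitigation only pays off if someone actually sweeps the collected logs for known-bad sources. The script below is an added example (not from the newsletter) that pulls public IPv4 addresses out of arbitrary log lines and matches them against the addresses in this issue's "Top 20 IP Addresses" list. The log lines are constructed sample data in nginx, netfilter and sshd formats, not records from any real incident.

```python
import ipaddress
import re

# Indicators copied from this issue's "Top 20 IP Addresses" list.
WATCHLIST = {
    "94.242.239.218", "23.91.70.51", "58.218.213.44", "104.194.26.205",
    "43.229.53.81", "43.229.53.87", "221.229.166.247", "23.91.70.95",
    "46.4.94.227", "94.141.162.45", "181.112.229.30", "43.229.53.43",
    "46.4.94.230", "67.202.109.194", "84.245.33.104", "85.214.194.176",
    "14.63.73.39", "193.111.140.184", "195.154.235.171", "195.154.251.81",
}

# Loose dotted-quad pattern; ipaddress does the strict validation afterwards.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_public_ips(line):
    """Return the valid, globally routable IPv4 addresses found in one log line.

    Private, loopback and reserved ranges are dropped so that internal
    addresses never produce noise against an external watchlist.
    """
    found = []
    for token in IPV4_RE.findall(line):
        try:
            addr = ipaddress.IPv4Address(token)
        except ValueError:
            continue  # e.g. 999.1.1.1 matches the regex but is not an address
        if addr.is_global:
            found.append(str(addr))
    return found


def scan_logs(lines, watchlist=WATCHLIST):
    """Return (line_number, ip, line) for every watchlist hit, in log order."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for ip in extract_public_ips(line):
            if ip in watchlist:
                hits.append((n, ip, line))
    return hits


# Constructed sample log lines (not real data): an nginx access entry,
# an outbound firewall event and an sshd login message.
SAMPLE_LOGS = [
    '10.0.0.5 - - [04/Dec/2015:01:12:09 +0000] "GET /index.html HTTP/1.1" 200 512',
    '94.242.239.218 - - [04/Dec/2015:01:12:44 +0000] "POST /api/export HTTP/1.1" 200 8192',
    'Dec  4 01:13:02 fw1 kernel: OUT=eth0 SRC=192.168.1.20 DST=195.154.251.81 DPT=443',
    'Dec  4 01:13:30 db1 sshd[4021]: Accepted password for backup from 203.0.113.9 port 51234',
]

if __name__ == "__main__":
    for n, ip, line in scan_logs(SAMPLE_LOGS):
        print(f"line {n}: watchlist hit {ip}: {line}")
```

The outbound firewall match (internal host to a listed address) is the one that matters for the exfiltration scenario described above; the inbound web hit shows the same indicator set catching reconnaissance or access attempts. In production the watchlist would be loaded from a feed rather than hardcoded, and the scan would run over the log pipeline rather than a list in memory.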

Malware

Stealthy payment card malware executes before an OS boot

Malware targeting banks, ATMs, payment card processors, credit unions, and other financial services remains largely undetected, as it steals sensitive card data out of computer memory. It hijacks the computer's boot-up routine in a way that allows highly intrusive code to run even before the Windows operating system loads.

The highlighted malware is part of “Nemesis,” a malware suite whose components cover screen capture, file transfer, process injection, keystroke logging, and other malicious activity on infected computers.

The bootkit component has been in operation since early this year and can modify the Volume Boot Record (VBR), the code in the first sector of an individual partition that instructs the OS to begin the boot process.

Because the malware resides in this low-level portion of the hard drive, the infection reappears even after a complete reinstallation of the Windows operating system.
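A VBR survives a Windows reinstall because the installer does not necessarily rewrite it, so the defensive counterpart to a bootkit is integrity monitoring of the boot sector itself. The following Python is an added example, not code from the newsletter or the referenced report: it parses the fields of a 512-byte NTFS VBR that are useful for a sanity check (the 3-byte jump, the OEM ID, bytes per sector and the 0x55AA boot signature), hashes the whole sector and compares it with a known-good baseline. The NTFS layout used (jump at offset 0, `NTFS    ` at offset 3, bytes-per-sector at offset 11, signature at 510) is the standard one; the sample sectors are synthetic and constructed here for the demonstration. The check assumes the volume is NTFS; for other filesystems the OEM ID test would need to change.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of any valid x86 boot sector
NTFS_OEM_ID = b"NTFS    "      # 8-byte OEM ID at offset 3 of an NTFS VBR


def parse_vbr(sector):
    """Extract the integrity-relevant fields of a 512-byte NTFS Volume Boot Record."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("VBR must be exactly one 512-byte sector")
    return {
        "jump": bytes(sector[0:3]),                        # jmp over the BIOS Parameter Block
        "oem_id": bytes(sector[3:11]),                     # filesystem identifier
        "bytes_per_sector": struct.unpack_from("<H", sector, 11)[0],
        "has_signature": bytes(sector[510:512]) == BOOT_SIGNATURE,
        "sha256": hashlib.sha256(sector).hexdigest(),      # covers code and data alike
    }


def check_vbr(sector, baseline_sha256):
    """Compare a VBR against a known-good hash; return a list of findings (empty means clean)."""
    info = parse_vbr(sector)
    findings = []
    if not info["has_signature"]:
        findings.append("boot signature 0x55AA missing")
    if info["oem_id"] != NTFS_OEM_ID:
        findings.append(f"unexpected OEM ID {info['oem_id']!r}")
    if info["sha256"] != baseline_sha256:
        findings.append("VBR hash differs from baseline (boot code modified)")
    return findings


def read_vbr(device_path):
    """Read the first sector of a partition device, e.g. /dev/sda1 (needs raw-device privileges)."""
    with open(device_path, "rb") as dev:
        return dev.read(SECTOR_SIZE)


def make_sample_vbr(boot_code):
    """Construct a synthetic NTFS-like VBR for demonstration only; not a real boot sector."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xeb\x52\x90"              # short jump used by the NTFS VBR
    sector[3:11] = NTFS_OEM_ID
    struct.pack_into("<H", sector, 11, 512)    # bytes per sector
    # Offsets 13..509 hold the rest of the BPB and the boot code; the demo fills
    # them from the supplied bytes so that two "builds" differ only in code.
    sector[13:510] = boot_code[:497].ljust(497, b"\x00")
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed baseline and a constructed tampered variant whose boot code differs.
GOOD_VBR = make_sample_vbr(b"\x90" * 64)
BASELINE_SHA256 = hashlib.sha256(GOOD_VBR).hexdigest()
TAMPERED_VBR = make_sample_vbr(b"\xe9\x00\x01" + b"\x90" * 61)

if __name__ == "__main__":
    print("baseline:", check_vbr(GOOD_VBR, BASELINE_SHA256) or "clean")
    print("tampered:", check_vbr(TAMPERED_VBR, BASELINE_SHA256))
```

The baseline hash has to be recorded while the system is known to be clean and stored off the host (a bootkit that can rewrite the VBR can rewrite a local hash file just as easily), and the same approach extends to the Master Boot Record in sector 0 of the disk. Any hash mismatch after a reinstall is exactly the persistence behaviour described above.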

References: Nemesis Bootkit — A New Stealthy Payment Card Malware

Mitigation Strategies:

  • Intrusion Detection System (IDS) signatures to detect the malware contacting its specifically observed callback destinations
  • Network traffic analysis to detect data exfiltration
  • 24x7 Security Monitoring to provide anomaly detection

Top 20 IP Addresses

94.242.239.218 - NEW
23.91.70.51 - NEW
58.218.213.44 - NEW
104.194.26.205 - NEW
43.229.53.81 - NEW
43.229.53.87 - NEW
221.229.166.247 - NEW
23.91.70.95 - NEW
46.4.94.227 - NEW
94.141.162.45
181.112.229.30 - NEW
43.229.53.43 - NEW
46.4.94.230 - NEW
67.202.109.194 - NEW
84.245.33.104
85.214.194.176 - NEW
14.63.73.39 - NEW
193.111.140.184 - NEW
195.154.235.171 - NEW
195.154.251.81 - NEW