
Monday, July 11, 2016

7/11/2016 Weekly News: Wendy's Breach Much Larger than Initially Believed

Welcome back to Astria Horizon for more security news from across the web. This week I'd especially like to call your attention to the article on the hacking of several Wendy's locations, including many in New Mexico that may have affected our customers. This breach was much larger than initially thought, and saw the theft of credit card data from customers for over half a year. In the article summary I have also included a link so you can see if any of the stores you may have visited were affected.

1. CSO Online, "Wendy's hack was bigger than thought and exposed credit card data."

In some unfortunate news about data breaches, the hack of the fast-food chain Wendy's turned out to be much larger than initially believed. While Wendy's believed less than 300 of its locations were affected, it was recently discovered that over 1000 of the franchised stores were affected by this breach. Many of these stores are located in Astria's home state of New Mexico, including many locations in Albuquerque and in Gallup. Wendy's has provided a list of affected locations which can be found here.

The locations affected had a targeted form of malware on their point-of-sale systems that specifically stole all credit card info, including the card number, card-holder's name, expiration date, and even the verification code. This information was then believed to be sent out by the malware to the criminals who installed it. If you've eaten at Wendy's in the past year, it is highly advised that you view the list and check if your store was affected, and if it was, contact your credit card provider immediately for a replacement.

2. Watchguard Security Center, "Fitbits Hack ATMs?"

This short video from Watchguard shows the capabilities of Fitbits, the accuracy of their data, and how cyber-criminals could use these in the future. Corey Nachreiner discusses how security researchers found that using the motion data found on an average Fitbit device could allow them to detect which buttons the user pressed on an ATM's PIN pad, essentially allowing the criminal to learn your PIN. If the criminal also had a skimmer in place on that particular ATM, he would have access to both your card number and your PIN, which of course would allow him to more easily make fraudulent purchases with your card.

While the concept was certainly interesting and had considerable accuracy, Nachreiner points out a few flaws with an attack of this type in his video. The most basic issue is that Fitbits and other fitness trackers are usually worn like a watch, so they are rarely worn on your dominant hand. That means the hand with the Fitbit is not likely to also be the hand you use to enter your PIN, and so would not give the required motion data to any criminals. In spite of this and other issues he mentions in attacking Fitbits and similar devices, it is an interesting case study at the very least, and shows how criminals could benefit from the accuracy of the data collected by wearable devices.

3. Security Week, "Thousands of Websites Compromised to Spread CryptXXX Ransomware."

One of the newer forms of ransomware, CryptXXX, has come up with a new attack method. This article from Security Week discusses how at least 2000 different legitimate websites have been compromised, and now redirect visitors to download the ransomware. It seems that most of these have been running old and outdated versions of WordPress and Joomla! on their websites, as well as some outdated and vulnerable plug-ins. This allowed the hackers to break into their websites and redirect their viewers into accidentally downloading the ransomware.

The biggest thing to note here is that if you use a content management system (CMS) for your website like Joomla! or WordPress, it is vitally important to keep it updated. Hackers benefit greatly from taking over legitimate websites as it allows them to infect systems they otherwise would be unable to reach, making these sites a great target. And when CMS services are updated, it is often to patch vulnerabilities that cyber-criminals already know of. So leaving your CMS website un-updated often leaves it exposed to attacks just like these, which hurt not only your business, but any customers or potential customers that may visit your website.


That's all for this week. Check back next week for more news on Information Security. And if you want more information on how Astria Business Solutions can assist you in meeting your business' information security goals, visit our website at AstriaBiz.com.

Tuesday, July 5, 2016

7/5/16 Weekly News: How to spot skimmers, Android malware affecting millions of devices, and Dangerous keyboard at 50 mil downloads

This week we found articles on skimmers and on risks to avoid with your cell phone. You may have heard of credit card skimmers before, but do you know how to spot them? We'll go over the differences today. Plus, a new Android malware that can't be deleted by factory resets. And lastly, we'll show you a keyboard app that you should definitely stay away from, even though millions of others have already downloaded it.


1. From Krebs on Security, "How to Spot Ingenico Self-Checkout Skimmers."

Thieves are often out to steal credit card numbers, and one of the more popular methods to do so is to use skimmers. If you've never heard of them, skimmers generally are designed to lie on top of genuine devices where you would swipe your credit card, such as an ATM or the credit card terminal at your grocery store. They don't alter the real device's function, but instead silently record the numbers and PINs of cards swiped through them for the thieves to collect when they return for the device.

In this article, Brian Krebs notes specifically a new skimmer that has been appearing at Wal-Mart locations, particularly in self-checkouts. The article shows what the genuine device and the skimmer look like so that you can spot them. One of the biggest notes to me is that in this particular model, the skimmer ends up covering the stylus holder on the left, which may be the fastest giveaway. Be sure to view the article if for nothing else than to see the pictures of the overlay skimmer.

Still, one of the best practices to check for overlay skimmers is to simply give a little tug on the top part of the credit card terminal. If a skimmer is in place, you may be able to feel a very noticeable seam from the bigger piece being placed on top of the smaller one. If you ever do find a skimmer, notify the owners of the terminal and the police.

2. From Security Week, "Millions of Android Phones Infected With 'Hummer' Trojan"

A new Android malware, dubbed "Hummer" by researchers, is affecting millions of Android phones. According to the article by Security Week, the malware has been around for several years, but only became widespread within the last year. Currently, the daily average of infected devices is at about 1.2 million, many of which are likely generating income for the malware creators.

The malware displays a heavy amount of ads on infected phones, and clicking on these, whether the user meant to or not, will generate income for the malware's developers. Security researchers estimate the malware could be generating as much as $500,000 per day for the criminals, making this a particularly profitable malware. Worse, the malware actually tries to root the device after install, making it very difficult to remove, even with factory resets. On top of that, it can download additional malicious apps, and uses the victim's data, possibly adding additional costs to the victim.

The biggest takeaway is simply: be careful! While this malware isn't widespread in the US at the moment, many others are. One of the biggest dangers with mobile devices is the lack of awareness of the risks, but the truth is that Android and Apple phones both have serious vulnerabilities, and should be treated as such. The same sorts of websites and habits that you should avoid on computers should also be avoided on your phones, or you could risk downloading malware that is nearly impossible to remove.

3. From CSO Online, "Dangerous Keyboard App Has More than 50 Million Downloads."

In a very similar vein to the previous article, CSO Online reported that a similarly dangerous app is also on millions of devices, but this one is downloaded intentionally. The Flash Keyboard app on Android may appear to be a standard keyboard app with additional features, but it puts users' phones at risk and exhibits further questionable behavior, sending private user data to an unknown server without user permission.

On top of that, the app requires nearly every permission set available, something keyboards generally do not need. This creates a vulnerability in the phone, because if the app were hacked, criminals could use it to download files, install shortcuts, and even potentially lock users out of their phones, all without any user notification. The only verification it requires is the initial permission set when you download it, which unfortunately many users ignore.

This app is indeed a risk, and it would be wise to stay away from it, but there's more to learn here. Pay attention to the permissions you give apps when they download, and ask yourself if the risks outweigh the benefits. Does a keyboard really need permission to access the web, download files, and install shortcuts without your notification? Do phone games need the same access? Be sure to consider these risks before you download any new app.


That's all for this week. Check back next week for more news on Information Security. And if you want more information on how Astria Business Solutions can assist you in meeting your business' information security goals, visit our website at AstriaBiz.com.
 