File Integrity Monitoring NON STOP FILE INTEGRITY MONITORING

Details have emerged of three new breaches affecting Big Fish Games' website, Jefferson National Park Association's gift shop POS systems and a spear-phishing attack targeting employees of State of Franklin Healthcare Associates. NNT provide more details of what and how happened, and how other organizations can protect themselves.

 

Big Fish Games have reported this week that they self-discovered an incident on January 12 2015 which involved the theft of payment card and Personal Identifiable Information form their website. Customers affected made purchases between December 24 2014 and January 8 2015.

Their letter to affected customers goes on to state that the malware has been removed and they have taken steps to prevent a reinstallation.

It isn’t clear at this stage how the malware infection was instigated or whether there is any other link to previous eCommerce/Web retailer sites such as Book2Park.com, Park ‘N Fly and IDParts.com reported previously.

Book2Park.com breach details here 

Park ’N Fly and IDParts.com breaches detailed here

 

Jefferson National parks Association issued a press release last week reporting that malware had been discovered on POS systems at the Levee Mercantile and Museum Store gift shops.

The malware has been in place since August 2014 and the source was eventually identified as JNPA in December. Correlation of fraudulent transactions is used by payment card brands and providers to identify a common factor to all. This allows the breach source to be pinpointed and action taken, but it always takes time for victims to notify their bank of suspicious transactions, by which time the card data theft has already been running for months.

2014 saw numerous high-profile POS malware attacks resulting in card data theft, including the recently reported Marriott Hotel breach, Chick-Fil-A and Staples, leading to renewed focus on PCI DSS requirements for system hardening and file integrity monitoring.

Suspected POS breach at Chick-fil-A: Did the PCI DSS fail?

The Jefferson National parks Association press release is here

 

Finally, Employees at State of Franklin Healthcare Associates have been targeted in a spear phishing scam. The cyber attack intent was to elicit social security numbers and personal identifiable information. In turn, this information would then be used to file fake tax returns and claim refunds. Why this particular organization’s employees were targeted is unclear but it is well-known that the more targeted and personalized a phishing attack is (at which point it becomes classed as Spear Phishing), the more likely it is to bear fruit. For our notes on phishing attack protection see  our article ‘Batten down the hatches! Looking at ways to enhance protection against ransomware, APTs and other phishing malware’

The original State of Franklin Healthcare Associates attack report is here 

Products
USA Offices
New Net Technologies Ltd
Naples
9128 Strada Place
Naples, Florida, 34108
Atlanta
201 17th Street, Suite 300
Atlanta, Georgia, 30363.

Tel: 1-888-898-0674
email USinfo@nntws.com
NNT Logo
UK Office
New Net Technologies Ltd
Spectrum House, Dunstable Road
Redbourn,
St Albans

Herts
AL3 7PR

Tel: 08456 585 005
Fax: 08456 122 031
email info@newnettechnologies.com
Connect with NNT
Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
Sign up to NNT's IT security and compliance monthly newsletter. Get breaking security news, how-to tips, trends and commentary direct to your inbox.

Sign up to the NNT newsletter