Week 28 Cyberattack Digest 2018 – Macy’s, B&B Hospitality Group, Ticketmaster and others
As usual, we are back with a new weekly cyberattack digest. Are you ready to learn about the most notorious incidents of the last week?
Macy’s reports signs of fraud
by Bleeping Computer – 9 July 2018
Macy’s, one of the leading department store chains, is warning some of its customers about possible security incidents that could affect online store profiles and financial details. In a letter sent to customers, the company said that its “cyberthreat alert tools” had earlier warned it about “suspicious login activities.” The organization locked access to all accounts where suspicious login activity had been detected. Macy’s also said that it had alerted card companies such as Visa, Mastercard and American Express. Later, some Bloomingdale’s accounts were also said to be affected.
Nine restaurants fell victim to a PoS attack
by SC Media – 10 July 2018
PoS (Point of Sale) devices are a fruitful target and rarely stay out of attackers’ attention for long. That was the case with nine restaurants in the New York City area. The restaurants are owned by B&B Hospitality Group (B&BHG) and include Del Posto, Babbo, Casa Mono, Becco, Otto Enoteca e Pizzeria, Esca, Lupa, Tarry and Felidia. The incident possibly occurred between March 1, 2017 and May 8, 2018 and affected card numbers, names, expiration dates, internal verification codes and other payment data. B&BHG representatives announced that security specialists had removed the malware from all of the restaurants.
Over 800 e-commerce sites are targeted in Ticketmaster attack
by SC Media – 11 July 2018
Several Ticketmaster UK customers were affected in an attack that targeted more than 800 e-commerce sites. The attackers first gained access to the systems of InBenta Technologies, a firm that works with Ticketmaster. They are said to be linked to the Magecart APT group, and their initial strategy was to compromise other websites, thereby compromising the financial data of thousands of people. Researchers claim that some 17 different Ticketmaster sites were affected over a long period and that the group’s attempts to steal records this way date back to December 2016.
Ammyy_Service[.]exe malware is back again
by Welivesecurity – 11 July 2018
Trending themes are not always used fairly, and here is why. The Ammyy Admin website was compromised once again. The malware involved was a multipurpose trojan and banking malware usually associated with the cybercriminal group Buhtrap. Notably, the attackers manipulated a server URL that contained the phrase “fifa2018” as a cover and a way to confuse investigators. A similar attack was carried out in 2015, when the malware file had the same name, Ammyy_Service[.]exe, and each time the attackers made several changes to the malware while the site was under attack.
Last week, attackers decided not to let people enjoy shopping, have a nice meal at a restaurant or simply google some new info on FIFA. We hope this week will not be as disappointing.