Dairy Queen has recently announced that it has been breached in the latest in a series of breaches attributed to the Backoff malware. This malware has been infecting many retailers recently, and Dairy Queen is its latest victim. Nearly 400 stores of the ice cream chain have been compromised by this malware. Dairy Queen also reported that nearly 600,000 payment cards, including customer names, card numbers, and expiration dates, have been exposed. There is currently no evidence that other customer personal information, such as Social Security numbers, has been compromised.
Backoff is a family of malware that harvests payment card information from Point of Sale (POS) devices. Attackers first get a foothold in the victim's network through channels such as email and then work their way through the network to locate the POS devices. Once inside a compromised system, the attacker no longer appears as an intruder but rather as a legitimate user of that system. From there, the attackers look for the Customer Data Environment, where they can find information such as credit card data and other sensitive customer data such as Social Security numbers.
“WEAK, STOLEN, OR MISUSED CREDENTIALS – THE ATTACKER’S CHOICE NEARLY 80% OF THE TIME.”
– 2013 VERIZON DBIR
The most effective and least sophisticated method of traversing the network is through valid user credentials – essentially becoming an “insider threat.” Methods such as keylogging, password hash extraction, password cracking, replaying login sequences, or even brute force can ultimately help an attacker reach administrative-level credentials and domain controllers, which would give them powerful access to every computer in the network.
According to the report released, the attacker used a third-party vendor account to get into Dairy Queen’s network. A list of infected stores has been released; the locations are spread across every state in the United States. Dairy Queen is confident that it has contained the malware and has offered one year of identity repair services to all affected customers.
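The two points above, credential misuse as the attacker's favoured way of moving through a network and a third-party vendor account as the entry point, are both visible in authentication logs if someone is looking. The following script is an added example written for this post, not code from Dairy Queen, Tripwire or the Backoff analysis it cites. It parses a handful of constructed login records (the log format, the account name vendor-svc, the hosts and the policy values are all assumptions made for illustration) and raises two kinds of alert: a run of failed logins followed by a success from the same source, which is the signature of brute force or password guessing, and a successful login by a vendor account from a host or at an hour outside its agreed access window.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample authentication log (not real Dairy Queen or Backoff data).
# Assumed format: "<ISO timestamp> <OK|FAIL> user=<account> src=<host>"
SAMPLE_LOG = """\
2014-08-01T02:13:05 FAIL user=vendor-svc src=10.9.8.7
2014-08-01T02:13:06 FAIL user=vendor-svc src=10.9.8.7
2014-08-01T02:13:07 FAIL user=vendor-svc src=10.9.8.7
2014-08-01T02:13:08 FAIL user=vendor-svc src=10.9.8.7
2014-08-01T02:13:09 FAIL user=vendor-svc src=10.9.8.7
2014-08-01T02:13:10 OK user=vendor-svc src=10.9.8.7
2014-08-01T02:20:00 OK user=vendor-svc src=10.9.8.7
2014-08-01T09:00:00 OK user=jsmith src=10.1.1.20
2014-08-01T10:30:00 OK user=vendor-svc src=172.16.5.5
"""

LINE_RE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")

# Hypothetical access policy for a third-party vendor account: the only host it
# should connect from and the business hours (08:00-17:59) in which it may do so.
VENDOR_POLICY = {
    "vendor-svc": {"allowed_src": {"172.16.5.5"}, "allowed_hours": range(8, 18)},
}


def parse_log(text):
    """Turn raw log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, result, user, src = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "result": result,
                       "user": user, "src": src})
    return events


def detect_bruteforce(events, threshold=5):
    """Alert when a (user, source) pair fails `threshold` times and then succeeds."""
    fails = defaultdict(int)
    alerts = []
    for e in events:
        key = (e["user"], e["src"])
        if e["result"] == "FAIL":
            fails[key] += 1
            continue
        # A success resets the counter; if it followed enough failures, alert.
        if fails[key] >= threshold:
            alerts.append({"type": "bruteforce_success", "user": e["user"],
                           "src": e["src"], "ts": e["ts"], "failures": fails[key]})
        fails[key] = 0
    return alerts


def detect_vendor_policy(events, policy=VENDOR_POLICY):
    """Alert on successful vendor-account logins outside the agreed host/hours."""
    alerts = []
    for e in events:
        rule = policy.get(e["user"])
        if rule is None or e["result"] != "OK":
            continue
        reasons = []
        if e["src"] not in rule["allowed_src"]:
            reasons.append("unexpected_source")
        if e["ts"].hour not in rule["allowed_hours"]:
            reasons.append("outside_window")
        if reasons:
            alerts.append({"type": "vendor_policy", "user": e["user"],
                           "src": e["src"], "ts": e["ts"], "reasons": reasons})
    return alerts


def analyze(text):
    """Run both detectors over a log and return the combined alert list."""
    events = parse_log(text)
    return detect_bruteforce(events) + detect_vendor_policy(events)


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Against the constructed log this produces three alerts: one brute-force success for vendor-svc from 10.9.8.7 after five failures, and two policy alerts for the same account logging in at 02:13 and 02:20 from a host that is not its approved source. The 10:30 login from the approved host in business hours is silent, which is the point: a vendor account that is only ever allowed from one place at known times gives a defender a very small baseline to alert against.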
Dairy Queen is not the only company infected by Backoff; thousands of other companies have been infiltrated by this malware.
Source 1: BACKOFF STRIKES AGAIN: DAIRY QUEEN CONFIRMS MALWARE INTRUSION
Source 2: http://www.tripwire.com/state-of-security/incident-detection/backoff-pos-malware-are-you-infected-and-dont-know-it/
Source 3: http://www.dq.com/us-en/datasecurityincident/Press-Release/?localechange=1&