Wendy’s, Cici’s, Twitter – The Attacks Keep Coming

June 10, 2016 CyberCecurity Leave a comment

In January 2015 Wendy’s disclosed, after many banks already announced, that it’s point of sale system was breached. For months Wendy’s refused to provide any details, only saying that they were investigating things.

In May, when it released it’s first quarter earnings report, it said that fewer than 300 restaurants were compromised and all of them were franchisees. None of the compromised systems were at company owned stores. The NCR Aloha POS system, installed at many locations and planned to be deployed at all locations soon, was not compromised, but 50 other stores were compromised with other forms of malware.

Some people are saying the size of the breach is limited, but banks are saying that the hackers are being very effective at using the compromised cards and the banks are having a hard time controlling their losses.

Wendy’s appears to be really struggling with this.

On June 9th, they admitted that the breach was worse than they admitted in May. The new locations, for which they have not announced a number, had a variant of the original malware, which the original forensics firm did not detect.

What this may mean is that Wendy’s is still bleeding credit cards. The banks certainly seem to think so.

Hopefully at some point, we will find out the real damage, but Wendy’s does not seem to be able to effectively get to the bottom of it. In the mean time, class action lawsuits have been filed.

In the meantime, Cici’s Pizza appears to have been hacked. A little over a million card numbers seem to be available on the dark web. While Cici’s gave reporter Brian Krebs a total runaround, the POS vendor, Datapoint, said that this appears to be related to the TeamViewer hack that has been in the news lately and that multiple POS vendors are affected. TeamViewer, a remote access tool, has been in the news lately as many people say that their systems, which have TeamViewer Installed, have been compromised. TeamViewer insists that they have not been hacked, but so did Wendys for quite a while.

There have been a number of POS attacks which were completed by compromising the remote control software that was used by the third party to manage the POS systems in the stores. Brian Krebs is reporting that the attack on Cici’s may have been assisted, at least in part, by people pretending to be technicians for the POS company and socially engineering store employees into giving them access. If so, this is a classic attack method – using store employees as their foil.

Both the Cici’s and TeamViewer attacks are relatively new, so we have not had any official news – other than the typical denial – from either company.

Interestingly, Brian Krebs said that when he went to the Datapoint web site, Google says Datapoint’s site was compromised and that it was once used by hackers to promote Viagra clones. He has a screen shot of the Google alert on his web site.

Now on to Twitter. This has not been a good week for Twitter. Over the week, the accounts of many celebrities including Mark Zuckerberg, Katy Perry and the NFL, among a number of others, were hacked.

Twitter says that some number of accounts have been compromised and their owners – as well as the hackers – have been locked out, on purpose. Media sources say that number is 33 million.

Twitter says that their servers were not hacked. Some sources are suggesting that the list of 33 million accounts may have been aggregated by combining data from other hackers – like the 100+ million records taken from LinkedIn, since people seem hell bent on reusing passwords.

One thing that everyone needs to seriously consider is to start using two factor authentication. All major websites offer it and while it is a bit of a pain, it really is a requirement, not an option. For users that have two factor authentication turned on, the real owner will get an alert on their phone and the hacker will have to figure out how to get that 6 or 8 digit number to log in. That will effectively keep the attacker out, even though they have your password.

As businesses and users continue to insist on convenience over security, the hackers continue to win. At some point, the cost of being hacked will outweigh the convenience of reusing passwords, using passwords like 123456 and other not-so-smart things.

However, I recommend that you not hold your breath waiting.

Information on the Wendy’s breach came from eWeek.

Information on the Cici’s breach came from Brian Krebs.

Information on the Twitter attack came from The Guardian.