Exploit: Malware

Checkers Drive-in Restaurants Inc.: Fast food chain operating in 28 states

Risk to Small Business: Severe: Hackers successfully infected 102 of the company's point-of-sale systems with malware that stole customers’ payment information. The restaurant chain has elicited the support of law enforcement authorities and third-party security experts to remove the corrupted software from their systems. They will now face the considerable costs of digital infrastructure repair and reputational costs that could discourage people from visiting their restaurants.

Individual Risk: Severe: Attackers gained access to information stored on the credit or debit cards’ magnetic strips. This includes cardholder names, payment card numbers, verification codes, and expiration dates. This extensive payment information can quickly make its way to the Dark Web or be redeployed as a payment method on other websites. All customers should review their account statements for suspicious activity while also procuring credit monitoring services.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Any company reliant on point-of-sale exchanges with their customers must be especially vigilant about protecting the integrity of these systems. Not only is it incredibly costly to repair the technological infrastructure, but the cascading consequences of reputational damage can be even more profound. Companies can (and should) demonstrate their commitment to protecting their employees and customers by taking proactive measures to prevent future breaches.

Read more

In Other News: Stolen NSA Tool May Be Responsible for Rash of Ransomware Attacks

Ransomware attacks on local governments have become alarmingly prevalent, and they may have an unlikely source – a cyber weapon developed by the U.S. National Security Agency (NSA). In 2017, the NSA lost control of one of its most impactful weapons, code-named EternalBlue, and it now lies in the hands of independent bad actors and state sponsored hackers. 

The impact on local governments has been immense. While some cities refuse to pay the ransom, many are left with little choice but to pay up to restore access to their digital infrastructure. At the same time, the additional security costs have made it difficult for cash-strapped governments to combat the threat. 

With so much on the line, a comprehensive ransomware response plan has never been more important. Since most ransomware originates as phishing scams sent to employee email accounts, this also means that proper training can be worth its weight in gold, or at least in Bitcoin. 

Read more