51 UPS Franchise Stores Breached, Malware Already in Systems since January

One of the world’s largest package delivery company, United Postal Service (UPS), recently disclosed a widespread malware breach on 51 of its 4,470 franchise stores. This potentially compromised about 105,000 customer transactions between the period of March 26 and August 11, 2014 in most stores

Further assessment showed that traces of the malware could have been in the system in as early as January 20. This gave attackers an approximate window of seven months to stay inside the company network, which can be used to gather customer and other company information.

The company is yet to release any records of fraud or abuse as a result of this breach, however, it exposed customers to theft of their personal information, including names, postal addresses, email addresses, as well as credit and debit card details.

The breach was spread out in branches across 24 states, the complete list and incident information for which can be found in the UPS store site.

As a response, UPS offers identity protection and credit monitoring services to the impacted customers. Given as it cannot directly notify customers for lack of access to personal information tied to credit card data, the company directs those who are affected to a service site created for this event.

In addition, the company encourages its customers to monitor their account statements and immediately report to the card issuer or bank if their credit or debit cards were impacted.

Attacks against Retail Payment Systems

UPS is the next in a series of big retail chains that have been attacked this year. Roughly 40 million customers had their credit and/or debit card information in what could be the largest breach in retail history in the first quarter of 2014.

Recent massive breaches on big name brands such as UPS exhibit a noticeable pattern in attack targets, where threat actors zero in on payment systems that are difficult to secure and easy to breach.

Previous research on point-of-sale (PoS) system breaches revealed the many ways by which threat actors can get into millions of customer payment information by taking advantage of device and network flaws.

“Many PoS terminals are built using embedded versions of Microsoft™ Windows®. This means that it is trivial for an attacker to create and develop malware that would run on a PoS terminal, if he can gain access to that terminal and bypass or defeat any running security solutions present. Sufficiently skilled and determined attackers can thus go after a business’s PoS terminals on a large scale and compromise the credit cards of thousands of users at a time. The same network connectivity can also be leveraged to help exfiltrate any stolen information. This is not just a theoretical risk, as we have observed multiple PoS malware families in the wild.”

What’s In a Breach Response?

“Initial breach response handling is paramount to maintain brand loyalty. Identifying lessons learned post breach is also essential. The most-overlooked aspect of a breach is the downstream impact for years to come. As information assault continues on businesses, the data exfiltrated is coalesced and sold in unspeakable communities by people who do unimaginable things—all done at a company’s expense and for ludicrous sums of money,” remarks JD Sherry, Trend Micro vice president for technology and solutions.

Breached companies are often wont to deliver quick-release incident responses that deal with the matter at the moment. However, Sherry points, the impact of a breach stays longer with a company and its affected customers. A previous report on the long-running Russian cybercrime ring that allegedly stole 1.2 billion Internet records traced how stolen personal information are typically sold in the cybercrime underground market on varying amounts.

As such breach responses need to answer issues of how to answer to customers risking data loss now, but also questions of how to further mitigate what this breach will do for the company in the future.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.