
Dickey’s BBQ Pit Restaurant Chain Data Theft

The largest barbecue restaurant chain, Dickey’s BBQ Pit, suffered a data breach that was discovered this week but appears to have been ongoing since July 2019. The attackers stole over 3 million customers’ credit card records over the course of a year without being detected. The stolen data was posted on a card fraud marketplace known as Joker’s Stash. The discovery was made by Gemini Advisory, a cybersecurity firm that tracks financial fraud. Dickey’s stated that they discovered the breach after the criminals started advertising a massive collection of payment card details for sale. Gemini analyzed the data and said that the attackers appear to have compromised 156 of the 469 restaurant locations. The payment card records are mostly for cards using outdated magstripe technology and are being sold for an average price of $17 per card. According to Dickey’s statement, they have contacted the FBI and the payment card networks to investigate the incident.

Analyst Notes

Customers of the BBQ chain should monitor their bank and card statements for fraudulent activity. If unusual activity is found, it should immediately be reported to the issuing institution so that it can be stopped as soon as possible. Companies should perform regular security audits and network monitoring to check for breaches such as these. It is currently unknown how long the attackers were in the network before they started to steal cards, so continued endpoint and network monitoring may have revealed the breach before the data was stolen. One of the best ways to detect credit card data theft is to monitor for unusual processes on point-of-sale terminals, especially processes that inject into the memory of other running processes. Attackers normally set up automation scripts to manage the collection of card data from hundreds of stores, so watching for unusual scripting that communicates with a large number of remote systems using administrator credentials is another good detection strategy.
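The second detection strategy above, an administrator account fanning out to many remote hosts in a short window, can be checked with a simple sliding-window count over remote-execution events. This is an added example, not code from the original post; the event records, host names, account names, window and threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the article): each tuple is
# (timestamp, source host, account, account is admin?, destination host).
EVENTS = [
    ("2020-10-15 09:00:00", "it-ws-07", "jsmith_adm", True, "pos-014"),
    ("2020-10-15 09:01:30", "it-ws-07", "jsmith_adm", True, "pos-015"),
    ("2020-10-15 09:03:10", "it-ws-07", "jsmith_adm", True, "pos-016"),
    ("2020-10-15 09:05:00", "it-ws-07", "jsmith", False, "pos-016"),
]
# Scripted sweep: one admin service account reaching 25 POS terminals
# in under five minutes, the pattern the analyst notes describe.
for i in range(25):
    ts = datetime(2020, 10, 15, 2, 0, 0) + timedelta(seconds=12 * i)
    EVENTS.append((ts.strftime("%Y-%m-%d %H:%M:%S"), "srv-backup02",
                   "svc_backup", True, f"pos-{100 + i:03d}"))


def fanout_alerts(events, window=timedelta(minutes=10), threshold=20):
    """Return one alert per (source host, account) where an admin account
    reaches more than `threshold` distinct destination hosts within any
    `window`-long span of its events."""
    by_actor = defaultdict(list)
    for ts, src, acct, is_admin, dst in events:
        if is_admin:  # only administrator credentials are of interest here
            when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
            by_actor[(src, acct)].append((when, dst))
    alerts = []
    for (src, acct), hits in by_actor.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            # distinct destinations reached in [start, start + window]
            dests = {d for t, d in hits[i:] if t - start <= window}
            if len(dests) > threshold:
                alerts.append({"source": src, "account": acct,
                               "distinct_hosts": len(dests),
                               "window_start": start})
                break  # one alert per actor is enough
    return alerts


if __name__ == "__main__":
    for alert in fanout_alerts(EVENTS):
        print(alert)
```

The three legitimate admin logons stay below the threshold, while the scripted sweep produces a single alert naming the account and the number of hosts it touched.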

Source Article: