Indigo Books and Music has become the latest victim of a cyberattack, one that shut down its website and left the company able to accept only cash payments. The attack on Wednesday, February 8th, prevented the company from accessing its website and credit card readers and from accepting gift cards as payment. The company has not disclosed the type of cyberattack, but stated that it is working with a third-party company to identify what, if any, client information was stolen.
It is possible that this attack was the result of info-stealing malware. According to cybersecurity firm Kela, a large amount of data being shared on the Darknet was advertised as login credentials for Indigo that were stolen by info-stealing malware. Such malware looks for sensitive information on the infected system and also collects details about the machine. Threat actors behind the malware can then use stolen information, such as credentials, to carry out cyberattacks. It is highly recommended that organizations adopt a defense-in-depth approach that focuses on detecting post-compromise activities. Binary Defense’s MDR and Threat Hunting offerings are an excellent solution to assist in such a program.