LaCie Data Breach – Part of a Larger Malware Trend
ALERT: French computer hardware manufacturer LaCie has just confirmed a data breach affecting customers who made online transactions on its website between March 27, 2013 and March 10, 2014.
If you purchased anything from LaCie.com within the last year, Emsisoft recommends keeping a close eye on the credit card you used.
LaCie has posted a detailed statement regarding the breach.
Notably, the company has for the time being shut down the eCommerce portion of its website, while hired analysts investigate the breach in depth. LaCie also mentions that, moving forward, they will be migrating all eCommerce to a third party company that specializes in secure, online transactions.
Why is this happening so much!?
Readers who have followed any tech media channel for the last few months might have noticed a disturbing trend: data breaches are on the rise. For most, the story begins with the North American big-box retailer Target. During the 2013 holiday shopping season, Target fell prey to a highly advanced malware infection that allowed for a point-of-sale (POS) data breach affecting millions. In the months that followed, a string of similar POS data breaches emerged.
For consumers, this latest breach at LaCie may indeed appear connected. Financial data has been compromised, and the steps to resolution are nearly identical: keep an eye on your card, and cancel it if you suspect fraud. From a technical standpoint, however, things are not quite so similar. The malware involved in the string of POS data breaches that started late last year and continued into 2014 was a POS RAM scraper called BlackPOS. The malware involved in the breach at LaCie is different: it is part of a massive botnet that leverages a vulnerability present in outdated versions of Adobe ColdFusion, a web application platform that many website proprietors use.
Investigative journalist Brian Krebs has been following this malware since at least the beginning of March 2014. According to his research, this malware is behaviorally similar to Zeus, in that it is designed to “wake up” during sensitive transactions and “grab” data from user-submitted forms. In addition to LaCie, Krebs has connected this malware to breaches affecting Smucker’s jams, SecurePay, and many other smaller companies – he lays it all out in detail here. Most surprisingly, Krebs also made mention of the possibility of a LaCie data breach on March 17th, 2014, nearly a month before LaCie’s official acknowledgement!
How can I deal with data breaches?
End users: The LaCie data breach and others like it are the product of infected web servers that have been left vulnerable due to outdated software. As an end user shopping on the Internet from home, there is thus little one can do to repair a problem that very well might affect a computer located halfway across the world. If you regularly engage in eCommerce, it is therefore good practice to keep a close eye on the credit card you use to do so – even in the absence of official breach statements from proprietors. As Krebs’ March 17th blog post on LaCie clearly shows, it often takes quite some time for large corporations to fully investigate a breach and issue a warning to customers.
Website owners: Krebs’ latest post on LaCie reports that this latest compromise and the string of breaches connected to it have actually been instigated by a well-organized group of cybercriminals. The consistent revelation of breach after breach, with each breach leveraging unpatched versions of Adobe ColdFusion, means that website owners who haven’t already patched the software need to do so immediately. The same can be said for any software used on a web server: if updates are available, it’s usually best to install them. Cybercriminals tend to attack where there is the greatest probability of reward, and an unpatched web server engaging in financial transactions with multiple customers is a prime target. For this reason, many companies choose to outsource their eCommerce to a third-party service provider that specializes in secure online transactions. Businesses that run their own servers also invest in server-friendly anti-malware, such as Emsisoft Anti-Malware for Server.
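The practical first step behind the advice above is knowing which components on a web server are still below the version that carries a vendor fix. The script below is an added example, not code from Emsisoft or from the post; it audits a constructed inventory of server software (the component names and version numbers are placeholders for illustration, not real ColdFusion, Apache or OpenSSL release numbers) and flags every component whose installed version is older than the minimum patched version. Version strings are compared token by token so that a suffix such as `1.0.1e` versus `1.0.1g` is ordered correctly, which a plain string comparison of dotted versions does not guarantee.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample inventory for illustration only:
# component -> (installed version, lowest version that carries the vendor's fix).
# These numbers are placeholders, not real release numbers of the products named.
SAMPLE_INVENTORY: Dict[str, Tuple[str, str]] = {
    "adobe-coldfusion": ("9.0.1", "9.0.2"),
    "apache-httpd": ("2.4.9", "2.4.9"),
    "openssl": ("1.0.1e", "1.0.1g"),
    "php": ("5.4.27", "5.4.27"),
}

# A version is a run of numeric and alphabetic tokens; separators are ignored.
_TOKEN = re.compile(r"\d+|[A-Za-z]+")


def parse_version(version: str) -> Tuple[Tuple[int, object], ...]:
    """Turn '1.0.1e' into a tuple that compares correctly in Python.

    Numeric tokens become (0, int) and alphabetic tokens (1, str), so numbers
    compare numerically, letters compare lexically, and the two kinds never
    hit a TypeError when compared against each other.
    """
    parts = []
    for tok in _TOKEN.findall(version):
        if tok.isdigit():
            parts.append((0, int(tok)))
        else:
            parts.append((1, tok.lower()))
    return tuple(parts)


def is_outdated(installed: str, minimum_patched: str) -> bool:
    """True when the installed version is strictly below the patched one."""
    return parse_version(installed) < parse_version(minimum_patched)


def audit(inventory: Dict[str, Tuple[str, str]]) -> List[str]:
    """Return the sorted names of components that still need patching."""
    return sorted(
        name for name, (installed, minimum) in inventory.items()
        if is_outdated(installed, minimum)
    )


def report(inventory: Dict[str, Tuple[str, str]]) -> List[str]:
    """Human-readable one-line-per-component summary of the audit."""
    lines = []
    for name in sorted(inventory):
        installed, minimum = inventory[name]
        status = "PATCH NOW" if is_outdated(installed, minimum) else "ok"
        lines.append(f"{name:<18} installed={installed:<8} fixed-in={minimum:<8} {status}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_INVENTORY):
        print(line)
```

In practice the inventory would be filled from package manager output or the application's own version file rather than hard-coded, and the audit run on a schedule so that a server falls out of date for hours rather than the months that separated the ColdFusion fix from the breaches described in the post.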
While unfortunate, this latest breach and others like it can serve as useful reminders. All financial information involved in eCommerce transactions should be assumed to be at risk of compromise and should be regularly monitored. Furthermore, the road to a Malware-Free World is a two-way street that requires the effort of both end users and website proprietors.
Have a nice (breach-free) day!