IHG Announces Full List of Properties in Credit Card Breach

InterContinental Hotel Group (IHG), parent company of Crowne Plaza and Holiday Inn, announced its full list of properties impacted by the credit card breach last year. According to IHG, between August 2016 and December 2016 malware was found on its servers used to process credit cards. For a full list of IHG’s impacted properties click here.

According to IHG’s report, “Findings show that malware was installed on servers that processed payment cards used at restaurants and bars of 12 IHG managed properties. Cards used at the front desk of these properties were not affected.”

The report goes on to say the malware searched for track data, including: cardholder name, card number, expiration date, and internal verification code, which was taken from the magnetic stripe of the card as it was being transmitted through the affected server.   

Malware has been the source of most of the credit card breaches in recent years. It is usually installed by hacked remote administration tools, according to KerbsOnSecurity. Once the malware is installed onto the devices the attacker can remotely gather data from each card swiped on that device. The stolen data can then be embedded on any card with a magnetic stripe and used for purchases.

IHG has been working with security firms to review their current security policies, confirm that the affected servers have been remediated and evaluate how to enhance their security.“We have also notified law enforcement and are working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring on the affected cards,” Says IHG.

The investigation is ongoing and no one knows the actual scope of this breach.

If you were a patron at any of the affected areas during August 2016 to December 2016, please watch your credit card statements carefully and report any fraudulent charges to your credit card company immediately.

Is Online Shopping as Dangerous as We Think?

Millions of consumers are online shopping as we speak.  Double that number on Cyber Monday and any time around Christmas. Being able to have your credit card information stolen online is a very common thought. Many think that it is the easiest way to be hacked.

The CEO of penetration testing firm Night Lion Security, Vinny Troia, says differently.  Online shoppers are much less susceptible to being hacked then out shopping. Being in your home and on a safe network does a great deal.

Even when you think about getting your wallet stolen or a phone being able to detect your credit card number through your wallet, it’s crazy.  Although it is possible, and has happened in the past – online shopping is not what you think. The advice we get from Troia is vital.

Watch Troia’s most recent appearance on CNBC below for even more advice on how to be safe during the Holiday Season.

Credit Card Skimmers striking at gas stations

Most people don’t even think twice when inserting their credit cards into the machine to get gas. But you can never be careless when dealing with credit cards unfortunately.

St. Louis, as well as a ton of places in the U.S., have been experiencing a rise in credit card skimming devices at gas stations. The reason gas pumps are more popular for skimming devices than ATMs is because the keys to get inside the pumps are much easier to access and can even be sold online.

Vinny Troia, Digital Forensics Investigator and CEO of Night Lion Security, said that skimming devices are very hard to avoid and even the new credit cards with the chip won’t prevent you from being hacked. The only thing you can do, Troia explained, is to check your credit card statements daily.

Watch the video from FOX 2 News here. 

Apple fighting against the FBI

A big issue right now is the battle between the FBI and Apple over an iPhone salvaged from the investigation of the San Bernardino massacre in December. Apple was asked by the FBI to help hack into the phone and Apple had declined. Following that, the FBI sent Apple a court order to create a forensics tool and Apple is trying to fight this.

Apple’s recognized for their guaranteed user privacy, so the Feds have blamed Apple for putting their brand image above a terrorism investigation. The reason why Apple does not want to create this tool is because it will be extremely dangerous since it would end up becoming public. When it becomes public, that means it’ll be usable by any law enforcement, foreign governments and criminal organizations.

There are two feasible sides to this issue but to protect all devices in the future, I’m siding with Apple.

Visit New York Digital Forensics Company for any questions or in need of a free consultation.

Hacks on WordPress sites deliver malware to visitors

WordPress sites are experiencing a large increase in hacks that deliver malware and ransomware to first-time, unsuspecting users. It is not yet clear how this is happening but it is being looked into extensively. No one should be visiting WordPress sites with out-of-date versions of Adobe Flash Player, Adobe Reader, Microsoft Silverlight, or Internet Explorer. With these outdated systems, you can find your computers infected with the ransomware package, which puts a hold on your computer system until you pay a hefty ransom.

To disguise the attack furthermore, the code redirects users through a series of sites before delivering the malware. It is possible that hackers are regularly updating malware when old ones get flagged.

This shows that trustworthy sites can still expose you to malware and hacks. The best way to prevent hacks is to be up-to-date on security updates when they become available.

Business malware removal

New Cyber Security plan offered by White House

The White House has just created a whole new cyber security plan that aims to strengthen computer networks against cyber attacks. The plan believes to cost about $19 billion, which is a 35% increase in the cyber security budget. The money would be used in the fiscal year that starts October 1st until September 30, 2017, according to an article from Wall Street Journal. Hackers have a huge advantage over us and we experience cyber attacks almost every week.

The plan would include renovating outdated computer systems because it is easier for hackers to get in with old equipment. Also the plan includes recruiting and training people for federal jobs that center on cyber security. With this plan the White House expects to reduce cyber attacks and increase government response rates.

Click here to read more on the article.

Identity theft Increases during tax season

Identity theft has become an increasingly large issue throughout the world. Unfortunately, it is an even bigger issue around tax season, according to a video from KSDK. Last year alone 500,000 people complained of stolen identity and about half occurred during tax season.

The only things you can do to prevent identity fraud is by filing your taxes earlier and using an IRS pin number to file safely. Vinny Troia, Cyber Security Expert and CEO of Night Lion Security, explained how the IRS pin is the main way to avoid a stolen identity because the pin is only assigned to one person and no one else can file your taxes for you unless they get the pin number.

Click here to watch the video to learn more.