Recent Posts

Recent Blog Posts

The PhishLabs Blog

P.F. Chang's goes vintage post-breach, Feedly fights DDoS extortion, and more | TWIC - June 13, 2014

Posted by Stacy Shelley on Jun 13, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Faced with a DDoS extortion threat, Feedly decided not to pay up. It may be more painful in the short term, but it is the right decision in the long run. Attackers depend on victims not fighting back. If you can prove you're a hard target, you're less likely to be targeted in the future than victims that pay up. Some additional thoughts on handling DDoS extortion.

Soon after a report of payment card data stolen from P.F. Chang's being up for sale on an underground "dumps" shop, the restaurant chain announced they had indeed been breached. Unlike other breach victims, P.F. Chang's decided to move back in history by switching to manual card imprinting and dial-up card readers to protect diners. Not ideal, but better than using a compromised payment system.

According to FCC Chairman Wheeler, the agency will be pressuring ISPs to implement better measures to protect DNS, prevent IP hijacking (like BGP hijacking), and deal with botnet infrastructure in their networks. 

One lesson here is to always make sure changing default passwords is a part of provisioning and deployment operations. Another lesson is to frequently check high risk systems (like ATM machines!) to make sure this sort of obvious vulnerability is not overlooked.

Topics: The Week in Cybercrime

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Posts by Topic

see all