Harbortouch outage

Weighing Theories About Latest Apparent Intrusion (FraudBlogger) • It's unlikely that the same hackers that hit Sally Beauty Supply in 2014 struck the retailer a second time this year, several threat intelligence experts now say.


Earlier, other experts had theorized that a suspected second attack at the retailer could be a sign that the company did not fully eradicate malware linked to its first attack or that the same hackers took advantage of an undiscovered "backdoor" they installed (see: New Sally Beauty Breach: Old Intrusion?).

While the 2014 malware attack against Sally Beauty was suspected by many observers to be a network intrusion, similar to the one that struck Target Corp., this most recent apparent intrusion is more likely linked to a point-of-sale vendor vulnerability related to remote access malware, several observers say. So, if the "unusual" card activity that the retailer described in a May 4 statement turns out to be the result of a second breach, then it's probably the work of a different set of actors from those responsible for the retailer's 2014 breach, they say.

The same type of remote-access malware that apparently recently infected POS vendor Harbortouch Payments may have infected Sally Beauty, based on the timing of the incidents and other undisclosed factors, says one threat researcher who has direct knowledge about the Harbortouch breach and the 2014 Sally breach, but asked not to be named.

John Buzzard, who heads FICO's Card Alert Service, says a link between Sally Beauty and the Harbortouch malware is "plausible," although he initially speculated the apparent second breach at Sally Beauty could be connected to the 2014 attack. "I feel as if there are one or two major hacker organizations out there pounding away at vulnerable merchants," he says.

Attacks Linked?

In April, Harbortouch announced that malware installed on POS systems it supplies had impacted a small percentage of its merchant customers.

"The advanced malware was designed to avoid detection by the anti-virus program running on the [POS system]," the company told Information Security Media Group on April 22. "Within hours of detecting the incident, Harbortouch identified and removed the malware from affected systems."

Sally Beauty is not a customer of Harbortouch, "nor is there any connection between Harbortouch and Sally Beauty," Harbortouch spokesman Nate Hirshberg tells ISMG.

A spokesperson for Sally Beauty declined to comment about a possible breach connection to Harbortouch, saying the company would not comment on speculation.

But the unnamed threat researcher says the sophisticated malware used in the Harbortouch incident, which is designed to evade detection, likely was also used in the apparent second attack against Sally Beauty.
