There are many different types of threats among the landscape, including almost innumerable strains of malware. Some of these are designed to damage and disrupt, whereas others are for the purpose of purloining data and funds. Malware can be cleverly created to insidiously infect systems and remain hidden while it continues to perform its malicious functions. In fact, many organizations do not even realize their systems are infected until months later when the malware has already taken root and been performing its job for some time. A recent incident of a malware attack involved Avanti Markets, and it resulted in financial data being stolen.
Avanti Markets offers micro markets with kiosks within company break rooms, allowing employees to purchase drinks and snacks during their day. A recent posting from Avanti disclosed that they had discovered a malware infection within many of their kiosks on July 4th, though the exact number is unknown. They say that not all of their kiosks are used or configured in the same way, meaning some may have been affected, whereas others may have not. The information targeted in the attack included cardholder’s first and last names, debit and credit card info, and expiration dates. Furthermore, Avanti said that additional information like names and email addresses may have been affected in some kiosks which used fingerprint scans for payment, meaning that some biometric data may have been stolen as well. They are currently working with federal law enforcement in investigating the breach to determine the scope and who was affected, and they plan on releasing further information to customers. Current information indicates that they have not determined the source of the breach yet, or when the initial infection occurred.
Avanti’s Handling of the Breach
The company has offered a series of suggestions to customers in regard to their data. This includes placing a fraud alert or freeze with credit agencies, checking their credit report, reviewing bank statements for suspicious activity. They also suggest contacting official offices in regard to any occurrence of identity theft, such as the FTC, attorney general’s office, and law enforcement. Avanti has said that they are working to make credit monitoring services available at no cost to those affected, and will offer information about this shortly. They also said that they will be setting up a call center to answer any questions regarding the incident. It appears that Avanti is really taking responsibility for this incident, and working to ensure that it is fully handled and their customers are properly protected now and in the future.
The Importance of Cyber Security Monitoring
There is a wide variety of tools and services now available to organizations to help protect their data, but one that many do not employ is cyber security monitoring. As mentioned above, it frequently occurs that threats within systems will go unnoticed for extended periods of time, but monitoring helps to reduce the incidence of this. Through the implementation of proper monitoring, IT staff or an analyst can be immediately alerted to any anomaly or indicator. They can then investigate the alert, and handle or expel it if turning out to be malicious. Most organizations do not have this type of visibility over their various cyber components, which allows threats to enter and perform their tasks for some time before they are discovered and handled. Massive Alliance offers comprehensive cyber security monitoring services that can provide an organization much more awareness over their networks and systems.