Widespread Brute Force Login Attempts

Number: AL17-003
Date: 16 February 2017

Purpose

The purpose of this alert is to bring attention to ongoing and widespread brute force login attempt activity observed targeting retail organizations.

Assessment

CCIRC has received reports from several retail sector companies concerning ongoing brute force login activity against their customer portals.  The malicious actors appear to be targeting retail organizations that have a customer reward or loyalty programs and are using compromised customer account credentials from other sources to steal earned rewards or points.  Customer rewards have a translatable cash-value, as they can typically be exchanged for gift cards and/or other merchandise/services or sold to a third party.

Malicious actors have leveraged several strategies and tactics in their malicious activities, including:

Access to customer accounts and customer data could also potentially facilitate the malicious actors to perform other fraudulent activities including phishing.

Suggested Action

CCIRC recommends that organizations review the following mitigation information and consider their implementation in the context of their network environment.

References:

Get CyberSafe Guide for Small and Medium Businesses:
https://www.getcybersafe.gc.ca/cnt/rsrcs/pblctns/smll-bsnss-gd/index-en.aspx%20-%20s6-2

Using Passwords:
https://www.getcybersafe.gc.ca/cnt/prtct-yrslf/prtctn-dntty/usng-psswrds-en.aspx

Spotting Malicious E-mail Messages:
https://www.cse-cst.gc.ca/en/node/237/html/2998

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca

Date modified: