Media report that the UK subsidiary of Subway has been hacked. The cybercriminals sent malicious emails to Subway customers and members of the Subcard loyalty program. The emails claimed to contain order data, but in fact led to the download of the TrickBot malware.
Let me remind you that TrickBot is a very dangerous malware: it steals saved passwords and cookies from the browser, steals RDP, VNC and PuTTY credentials, can spread over the network, and much more. Even worse, TrickBot may end up giving ransomware operators (like Ryuk or Conti) access to the infected system.
Since the strange emails contained real customer names and were sent to email addresses that some recipients had created specifically for Subway, it was immediately suspected that the company had been hacked and that hackers had gained access to the system used for marketing campaigns.
At first, the company only indirectly confirmed that an attack had taken place:
“We are aware of some outages in our email systems and we understand that some of our guests have received unauthorized emails. We are currently investigating this issue and apologize for any inconvenience caused.”
However, a little later, Subway representatives told reporters that their server associated with mail campaigns had indeed been hacked:
“After investigating the incident, we have no evidence of hacking of our guests’ accounts. However, the system that runs our email campaigns has been compromised, resulting in a phishing campaign that uses the names and email addresses of [our users]. Our system does not store bank account numbers or credit card details,” Subway representatives wrote, recommending that customers delete suspicious emails without opening them.
Subway has already begun sending data breach notification emails to affected customers. These messages say that, due to the attack, the names and email addresses of users were exposed to outsiders.
It is not yet clear how many people were affected by the incident, or whether the hackers could have accessed any data other than that mentioned above.
Let me remind you that a new version of the TrickBot malware can interfere with UEFI/BIOS.