Weekly Threat Report 6th October 2017

Created:  06 Oct 2017
Updated:  06 Oct 2017
We would like your feedback on the Weekly Threat Report. Please send us your thoughts, suggestions and queries using our 'Contact Us' page.
This report is drawn from recent open source reporting.

Whole Foods Market credit card data breach

Whole Foods Market, a US-headquartered supermarket with a small UK presence, has reported it is investigating a credit card breach. The store warned of unauthorised access to the credit card data of customers using restaurants and ‘tap rooms’ in its stores. The cards used by customers at store checkouts are not thought to have been affected. Investigations are still underway; however, it is likely the card data was acquired through compromised Point of Sale (PoS) devices. PoS devices are small electronic computers used to swipe credit cards at checkouts.

At this stage, the possibility of UK victims cannot be ruled out. However, all affected stores reported to date have been in the US, and the US has typically been disproportionately affected by PoS card breaches due to the way US PoS terminals are used. This instance acts as a timely reminder to all PoS operators of the potential for exploitation of software vulnerabilities within PoS terminals to acquire and exfiltrate large amounts of customer card data.

Data acquired from breaches such as this provides an additional attack vector for criminals. The stolen data can be used for fraud and spear-phishing attempts. Whole Foods’ separation of its PoS networks between its restaurants and stores reportedly limited the extent of the breach. Lessons can be learned from this on the segmentation of business networks where possible.

Whole Foods Market encourages its customers to closely monitor their card statements and report any unauthorised charges to the issuing bank. Customers are reminded to look out for small transactions, as this may indicate criminals testing that the card works before attempting larger transactions.

National Lottery Denial of Service

Cyber security research company We Live Security earlier this week reported that the UK National Lottery’s official website and associated app had suffered a Distributed Denial of Service (DDoS) attack. Thousands of customers were unable to enter the draw for Saturday night (30 September) during the 90-minute outage between 18:00 and 19:30. The National Lottery apologised for the inconvenience caused via their official Twitter page, also stating that their retail outlets were unaffected.

There has been some speculation that the “Phantom Squad” may have been responsible for the cyber attack. This group have claimed that they have previously spammed the National Lottery, as well as thousands of other companies, demanding they pay $720 worth of Bitcoin or suffer a DDoS attack on 30 September. Phantom Squad have previously claimed responsibility for DDoS attacks launched against the PlayStation Network, Xbox Live, Steam, and other video gaming services.

Sources of help for organisations concerned about potential DDoS attacks include their service provider and DDoS mitigation providers. Further guidance on DDoS mitigation techniques.



The Cyber Security Information Sharing Partnership (CiSP) is a great way of learning more about threat information as well as engaging with industry and government counterparts. Follow the link below for more information.

Join CiSP
