The Wendy’s Breach – 1,025 restaurants impacted
Back in May, Wendy’s announced it had been hit by a breach involving malware on its point-of-sale (POS) systems. Originally thought to have affected fewer than 300 of the fast-food chain’s locations, the breach was acknowledged last week by the company to be much worse than first reported, with 1,025 restaurants impacted.
Wendy’s is blaming the breach on an unnamed third-party service provider stating that the breach resulted from the vendor’s “remote access credentials being compromised, allowing access – and the ability to deploy malware – to some franchisees’ point-of-sale systems.” The malware targeted the payment card data including cardholder name, credit or debit card number, expiration date, cardholder verification value, and service code.
The company states it became aware of the issue in February, when franchisees first started reporting unusual payment card activity, but a forensic investigation revealed that the malware was first installed in the fall of 2015. Given how long it took to discover the extent of the breach, there’s no telling whether they have yet closed the virtual drive-thru window on the hackers helping themselves to customer data.
Why wasn’t the breach discovered before hundreds of Wendy’s locations were compromised?
Hackers are becoming increasingly sophisticated. It is no longer enough to rely solely on real-time defense systems like anti-virus and perimeter defenses – time and time again, hackers have demonstrated that these systems can be penetrated. Companies need to start acknowledging that their systems will be targeted and, despite existing defenses, will be breached. The key to discovering malware and hidden persistent compromises is to actively hunt for them. Persistent compromises, like the one at Wendy’s, rely on the ability to remain hidden for months, even years, while they quietly and effectively work through your systems to steal your data and IP. The longer attackers can maintain a foothold in your systems, the more lucrative the compromise is for them.
Active threat hunting needs to become part of modern cyber defenses to detect compromises and stop unauthorized access. While threat hunting includes some activities that defenders have historically used such as log analysis and incident response techniques, there are new technologies that can assist you with the hunting process to improve the speed and efficacy of your hunt program. These tools automate the search for threats and empower your internal security teams to hunt without specialized knowledge. And the faster you can identify and remove a threat, the less harm it can do.
The only way to get ahead of today’s cyber attacks is to change our security mindset and assume we will be breached. Based on our experience, anyone who claims they have never been breached has simply never looked hard enough.
Learn more about automated cyber threat hunting and how our threat hunting tools help security teams hunt, contain, and eliminate adversaries already hiding on your network.