Search results for: carbanak


MITRE Engenuity launches ATT&CK Evaluations for ICS

MITRE Engenuity today released results from its first round of independent ATT&CK Evaluations for Industrial Control Systems (ICS). The evaluations examined how cybersecurity products from five ICS vendors detected the threat of the Russian-linked Triton malware. Triton targets safety instrumented systems, preventing operators from responding to failures, hazards and other unsafe conditions, potentially causing physical destruction that can lead to fatal consequences. Russia’s Central Scientific Research Institute of Chemistry and Mechanics developed Triton, which … More

SafeBreach adds support for new advanced attacks to the Microsoft Defender for Endpoint evaluation lab

SafeBreach announced the addition of new advanced attacks to the Microsoft Defender for Endpoint evaluation lab, providing seamless access to SafeBreach’s continuous security validation platform, to allow users to test their environment and device configurations. This empowers security teams to test the efficacy of their endpoint solution instantly and accurately against top of mind threats, now including FIN7 threat group (using Carbanak malware) as well as the SolarWinds software compromise. The evaluation lab in Microsoft … More


Why cybersecurity products always defy traditional user reviews

I read with interest the latest batch of evaluation data from MITRE on various endpoint solutions, this time focusing on the detection, response and containment capabilities of these various solutions against malware created by the FIN7 and Carbanak threat groups. While academically interesting, it illustrates the difficulty in giving reviews to cybersecurity products in the endpoint protection category and trying to attribute a “best” label to a specific product in a specific category (be it endpoint or … More

MITRE Engenuity to assess commercial cybersecurity products’ ability to detect threats

MITRE Engenuity will assess commercial cybersecurity products’ ability to detect the threat posed by the groups commonly known as Sandworm and Wizard Spider, both of whom have used data encryption as a key element of their attacks. Applications for evaluation are available through May 28. Analysts believe that Sandworm used data encryption to incur more than $10 billion in damage to industry in attacks with its NotPetya malware. The group is also widely suspected of … More


Attackers disrupting COVID-19 efforts and critical supply chains

Cyberattacks evolved in 2020 as threat actors sought to profit from the unprecedented socioeconomic, business and political challenges brought on by the COVID-19 pandemic, IBM Security reveals. In 2020 attackers were observed pivoting their attacks to businesses on which global COVID-19 response efforts heavily relied, such as hospitals, medical and pharmaceutical manufacturers, as well as energy companies powering the COVID-19 supply chain. According to the report, cyberattacks on healthcare, manufacturing, and energy doubled from the … More


Three ways MITRE ATT&CK can improve your organizational security

There’s a good reason everyone’s talking about MITRE ATT&CK: it’s an objective, third-party standard with which organizations can measure their own detection coverage, as well as the coverage provided by EDR solutions. Still, even while you appreciate ATT&CK, it’s not always clear how you can use it to improve your own organizational security. In this article, I’ll lay out how you can use ATT&CK for the greatest effect. It’s worth going over some basics: ATT&CK … More


Threats financial organizations will face in 2019

What type of threats will financial services and banking organizations face in 2019? According to IntSights Cyber Intelligence, they should be prepared for breaches effected through compromise of established vendor software or SaaS products, and vulnerable third-party, open source software implemented in the applications they use. Also: extortion attempts. “Regulation fines and brand reputation damage can be way more costly than downtime or lost data. Given the large fines for GDPR laws and massive data … More


Week in review: Hacking intelligent buildings, trust in critical systems under attack

Here’s an overview of some of last week’s most interesting news and articles: The current state of USB data protection The vast majority of employees rely on USB devices. In fact, nine out of 10 employees rely on USB devices today and 69 percent of respondents maintain that USB drives increase workplace productivity. Macro-less word document attacks on the rise Total malware attacks are up by 33 percent and cyber criminals are increasingly leveraging Microsoft … More


Gang leader behind malware attacks targeting 100 financial institutions arrested in Spain

The leader of the crime gang behind the Carbanak and Cobalt malware attacks targeting over 100 financial institutions worldwide has been arrested in Alicante, Spain, after a complex investigation conducted by the Spanish National Police, with the support of Europol, the US FBI, the Romanian, Belarusian and Taiwanese authorities and private cyber security companies. Since 2013, the cybercrime gang has attempted to attack banks, e-payment systems and financial institutions using pieces of malware they … More


ATM hackers switch to network-based attacks

More and more attacks against ATMs are network-based, Trend Micro researchers have found. Since the discovery of the first ATM malware back in 2009, criminals have concentrated on opening the ATM’s case and accessing the machine’s internals to boot the malware up from an external USB or CD. But lately, as banks have ramped up efforts to protect the machines from physical attacks, criminals have begun switching infection vectors. “Network infections require more work and … More


US restaurants targeted with fileless malware

Morphisec researchers have spotted another attack campaign using fileless malware that is believed to be mounted by the infamous FIN7 hacking group. The goal of the campaign is to gain control of the target businesses’ systems, install a backdoor, and through it perform continual exfiltration of financial information. “Like past attacks, the initial infection vector is a malicious Word document attached to a phishing email that is well-tailored to the targeted business and its day-to-day … More


Clever spear-phishing emails hit employees involved in SEC filings

FireEye has flagged a sophisticated spear-phishing campaign hitting US-based businesses with emails purportedly coming from the US Securities and Exchange Commission (SEC). The emails look like they’ve been sent by an SEC employee, address the recipients by name, and urge them to download a Word document containing important changes regarding Form 10-K, the annual financial performance report the SEC requires public companies to file. The malicious attachment drops two PowerShell backdoors. One is fileless and resides … More