Search results for: carbanak


Week in review: Spoofing boarding pass QR codes, blocking USB-based threats

Here’s an overview of some of last week’s most interesting news, reviews and articles: Malware hidden in digitally signed executables can bypass AV protection Researchers have shown that it’s possible to hide malicious code in digitally signed executables without invalidating the certificate, and execute this code – all without triggering AV solutions. CRIME, TIME, BREACH and HEIST: A brief history of compression oracle attacks on HTTPS When presenting results that build on previous research, it … More

Oracle-owned MICROS PoS systems vendor breached

MICROS, the point-of-sale payment systems vendor owned by Oracle, has suffered a data breach, and there are indicators that point to the infamous Carbanak (aka Anunak) cybercriminal gang being the culprit. MICROS is one of the biggest PoS vendors in the world – its PoS systems are used by many companies in the retail and hospitality industry, such as Ikea, Burger King, Starbucks, Hilton, Hyatt, Accor Hotels, and many others. According to Brian Krebs’s sources, the … More


State of security: Human error and remembering the essentials

It seems that in a sea of complex digital ploys, companies are trying so hard to guard against the next big threat that they have forgotten the basics. From years of extensive experience managing a corporation’s most exclusive content, it is evident that most breaches are smaller in scale and tend to originate from internal sources. This year’s Verizon Data Breach Investigations Report (DBIR) echoes these thoughts as the findings follow a different trajectory from … More


Carbanak cyber-thieves’ newest attacks exposed

The infamous Carbanak group is again doing what it does best: attacking and compromising financial institutions, and trying to steal as much money as possible from them by taking advantage of their victims’ payment processing networks, ATM networks and transaction systems. Carbanak became a well-known name in February 2015, when Kaspersky Lab researchers shared what they knew about this gang, which has been operating since late 2013 and has stolen hundreds of millions of dollars … More


Week in review: Dyre gang takedown, and the most popular hacking methods

Here’s an overview of some of last week’s most interesting news and articles: Know your enemy: The most popular hacking methods Outsiders want to become insiders with the least possible effort, and insiders help them do so – mostly accidentally, according to Balabit. Russian hackers used malware to manipulate the Dollar/Ruble exchange rate Russian-language hackers have managed to break into Russian regional bank Energobank, infect its systems, and gain unsanctioned access to its trading system … More

The return of Carbanak: Banks face new attacks

A year after Kaspersky Lab warned that cyber-criminals would start to adopt the tools and tactics of nation-state backed APTs in order to rob banks, the company has confirmed the return of Carbanak as Carbanak 2.0 and uncovered two more groups working in the same style: Metel and GCMAN. They attack financial organizations using covert APT-style reconnaissance and customized malware along with legitimate software and new, innovative schemes to cash out. The Metel cyber-criminal group … More

Cybercriminals increasingly hunting down the money

The tools used by cyber-criminals against businesses in 2015 were different to those used against consumers, according to Kaspersky Lab’s review of corporate threats in the last twelve months. They included greater exploitation of legitimate software programs and malware being signed with valid digital signatures to keep malicious files hidden for longer. There was also a steady rise in the number of corporate users attacked by ransomware. Kaspersky Lab’s experts found that in 2015 58 … More

How attackers attempt to infect organizations

A new report by Palo Alto Networks, based on data from more than 7,000 enterprises worldwide, showcases real-world trends in enterprise application usage and critical developments in how attackers are attempting to infect organizations. Findings highlight the explosion in adoption of SaaS based applications, with the potential to introduce new security risks, or allow unauthorized access to sensitive data. Key findings: SaaS-based applications explode in popularity – The number of SaaS-based applications observed on enterprise networks has … More

Carbanak APT still targeting high-value financial institutions and casinos

The Anunak / Carbanak hacking group continues to target banks, but is also now hitting Forex-trading companies, casinos, and other institutions from which it can steal large amounts of money or (mis)usable payment card information. The group, whose techniques and goals were first revealed by Group-IB and Fox-IT in late 2014, and then by Kaspersky Lab researchers in February 2015, is a rare breed: an APT group that’s unlikely to be state-sponsored, and one that is … More


Knowledge base of malware intelligence enables rapid containment

The Lastline Knowledge Base (LLKB) launched at the RSA Conference 2015. The new software module can be combined with the Lastline Breach Detection Platform to give security professionals context around incidents to respond to and defend against active breaches. The structured data repository contains years of malware data that is updated continuously as new threats and relationships between them emerge. The LLKB lets security professionals dig into historical breaches, related IP addresses and the indicators of … More

NLPRank: An innovative tool for blocking APT malicious domains

Security researchers working at OpenDNS’ Security Labs have developed NLPRank, a new system that helps detect – quickly and relatively accurately – phishing and malware-download sites set up by APT threat actors. They got the idea while perusing the domain names used by the Carbanak, Anunak and DarkHotel APT groups. They noticed that the phishing emails sent to employees of the various targeted organizations included links to malicious domains whose names were constructed by using … More

Week in review: Gemalto SIM heist, Lenovo’s Superfish blunder, cyber spies compromising disk firmware

Here’s an overview of some of last week’s most interesting news and articles: Google relaxes its rigid 90-day bug disclosure period Google has announced that its 90-day vulnerability disclosure period will, from now on, be a little longer if the situation warrants it. Carbanak cyber gang stole hundreds of millions from banks Since late 2013, an international cyber criminal group has been targeting banks around the world and has made off with $300 million – possibly … More