Finance

IcedID Trojan Expands Scope to Include E-Commerce Vendors

4 - 12 February 2019

IcedID trojan operators have been targeting e-commerce vendors in the US to steal access credentials and payment card data since November 2018. The malware is distributed via malspam and the Emotet downloader, which contain macro-embedded Office attachments or links to download the malicious Office documents. After the malware is installed, the attackers use the publicly available Automatic Transaction System (ATS) Engine to launch injection attacks, update injection methods, parse stolen data, and orchestrate fraudulent transactions. Using the commercial web-based control panel also reduces exposure of the malware's command-and-control server. The expansion of the attack scope beyond the banking sector may suggest that IcedID operators are pursuing a malware-as-a-service model to seek new revenue streams.

References:
[1] IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites
 
 
 
 
 
