Finance

POS Malware Targets Finance, Insurance Companies

26 February - 5 March 2019

An ongoing point-of-sale (POS) malware campaign has been targeting finance and insurance organisations in the US, Japan and India since February 2019. The initial infection vector is unknown, but the attacks use HTA files with embedded VBScript to execute PowerShell commands through the Windows Management Instrumentation (WMI) interface. When successful, the scripts install the publicly available Cobalt Strike penetration testing tool, which allows lateral movement, credential harvesting and code execution. The affected POS systems were observed to be hosted on the VMware Horizon platform, running a thin client. Some of the indicators suggest that the threat actors may be connected to FIN6, a group that specialises in stealing payment card data for monetisation in underground marketplaces.
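A detection sketch for the execution chain described above, added here as an example and not taken from the referenced report: it flags PowerShell started by the WMI provider host (`WmiPrvSE.exe`, the usual parent of processes created through WMI) and raises the severity when `mshta.exe`, the Windows HTA host, ran on the same machine shortly before. The event records, field names, host names and the five-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed process-creation records; field names are hypothetical and
# should be mapped to your EDR or Sysmon Event ID 1 schema.
SAMPLE_EVENTS = [
    {"host": "pos-vdi-01", "time": "2019-02-27T10:00:05", "image": "C:\\Windows\\System32\\mshta.exe",
     "parent": "explorer.exe", "cmdline": "mshta.exe C:\\Users\\Public\\sample.hta"},
    {"host": "pos-vdi-01", "time": "2019-02-27T10:00:09", "image": "powershell.exe",
     "parent": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
     "cmdline": "powershell.exe -EncodedCommand <placeholder>"},
    {"host": "pos-vdi-02", "time": "2019-02-27T11:30:00", "image": "powershell.exe",
     "parent": "explorer.exe", "cmdline": "powershell.exe Get-Date"},
    {"host": "pos-vdi-03", "time": "2019-02-27T12:00:00", "image": "powershell.exe",
     "parent": "WmiPrvSE.exe", "cmdline": "powershell.exe Get-Service"},
]

def _basename(path):
    """Lower-cased file name of a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_wmi_powershell(events, window=timedelta(minutes=5)):
    """Alert on PowerShell whose parent is the WMI provider host.

    Severity is 'high' when mshta.exe ran on the same host within `window`
    before the PowerShell start, otherwise 'medium'.
    """
    last_mshta = {}  # host -> time of the most recent mshta.exe start
    alerts = []
    for e in sorted(events, key=lambda ev: datetime.fromisoformat(ev["time"])):
        t = datetime.fromisoformat(e["time"])
        image, parent = _basename(e["image"]), _basename(e["parent"])
        if image == "mshta.exe":
            last_mshta[e["host"]] = t
        elif image in ("powershell.exe", "pwsh.exe") and parent == "wmiprvse.exe":
            seen = last_mshta.get(e["host"])
            correlated = seen is not None and t - seen <= window
            alerts.append({"host": e["host"], "time": e["time"],
                           "severity": "high" if correlated else "medium",
                           "cmdline": e["cmdline"]})
    return alerts

if __name__ == "__main__":
    for alert in find_wmi_powershell(SAMPLE_EVENTS):
        print(alert)
```

The medium-severity case still deserves review on POS hosts, where legitimate WMI-launched PowerShell should be rare and easy to allow-list.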

References:
[1] New Global Attack on Point-of-Sale Systems
 
 
 
 
 
 
 
