From Phish to Network Compromise in Two Hours
An investigation report of a May 2018 cyber attack on an East European bank reveals that the prolific Carbanak group (aka FIN7, Cobalt and Anunak) can achieve total network compromise in under two hours. After the initial compromise through spear phishing, the hackers installed a backdoor within minutes to maintain persistence. Additional payloads, including a Cobalt Strike beacon, were installed, and within two hours the hackers had compromised a domain controller, which facilitated lateral movement across the network. Over the next two months, the attackers conducted further reconnaissance of the bank’s network with the aim of breaching the ATM system, while taking considerable effort to keep their network signature low. The attack was only discovered after the stolen credentials were used on systems that the administrators normally would not access. If the attack had succeeded, the group would have deployed money mules to empty out multiple ATMs without triggering the alert system.
References: An APT Blueprint: Gaining New Visibility into Financial Threats (PDF)