FIN7’s New Malware Targets NCR-made ATMs

8 - 15 October 2019

The financially-motivated FIN7 group (aka Carbanak, Anunak and Cobalt) has added new tools that can hack into NCR-made ATMs. In recent campaigns, FIN7 deploys Boostwrite, an in-memory dropper that decrypts embedded payloads after retrieving an encryption key from a remote server. Boostwrite then drops the RDFsniffer module, which loads itself into NCR’s RDFClient process. This allows the malware to monitor or alter connections made with the RDFClient and enables command injection into an active RDFClient session. Boostwrite also loads the multi-functional Carbanak backdoor, which has received minor alterations to evade traditional detection solutions.

References:

Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques
