This week, the focus seems to be on financial systems as a target of cyber-attacks: file-less malware has hit at least 140 enterprise networks, a massive malware attack on Polish banks stemmed from their financial regulator, and another PoS attack was published that hit 12 InterContinental hotels.
Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.
- File-less malware is targeting banks. It was first discovered in 2014, but was withheld from the public.
Why is this significant?
- 140 enterprise networks were already hit, and likely many more, because this threat is so difficult to detect. The malware executes directly in the device’s RAM/memory, then the “payloads are directly injected into the memory of running processes.”
- Forensics indicate that the attackers “leveraged Windows PowerShell to load the Meterpreter code directly into memory rather than writing it to the disk.” The attackers then wiped their trail by hiding the PowerShell commands in the Windows registry.
- Fileless malware is difficult to detect for AVs and NGAVs, which are built around detecting malicious files. However, the damage caused by malware once it is inside could be prevented in real time, so the attacker's goal is never realized.
//** enSilo out-of-the-box protects against Fileless and PowerShell malware **//
Read the full story on The Hacker News
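The story above says the PowerShell commands were hidden in the Windows registry. The following is an added example, not code from the original article or from enSilo, of a defender-side check that scans a text `.reg` export for string values holding PowerShell command lines. The indicator list is an assumed heuristic, and the key names and harmless payload in the sample are constructed.

```python
import base64
import re

# Assumed heuristic indicators of a PowerShell command line stored as data (not exhaustive).
INDICATORS = {
    "encoded-command": re.compile(r"\s-e[a-z]*\s+([A-Za-z0-9+/=]{16,})", re.I),
    "hidden-window": re.compile(r"\s-w[a-z]*\s+hidden\b", re.I),
    "invoke-expression": re.compile(r"\b(iex|invoke-expression)\b", re.I),
    "base64-decode": re.compile(r"frombase64string", re.I),
}
VALUE_LINE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>.*)"$')

def decode_encoded_command(b64):
    """-EncodedCommand takes base64 of UTF-16LE text; return the text or None."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def scan_reg_export(text):
    """Return findings for string values in a .reg export that hold PowerShell commands."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # remember which key the following values belong to
            continue
        m = VALUE_LINE.match(line)
        if not m or "powershell" not in m["data"].lower():
            continue
        data = re.sub(r"\\(.)", r"\1", m["data"])  # undo .reg backslash escaping
        hits = {n: h for n, p in INDICATORS.items() if (h := p.search(data))}
        if hits:
            enc = hits.get("encoded-command")
            findings.append({"key": key, "value": m["name"], "indicators": sorted(hits),
                             "decoded": decode_encoded_command(enc.group(1)) if enc else None})
    return findings

# Constructed sample export; the key names and the harmless payload are made up.
_PAYLOAD = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode()
SAMPLE = "\n".join(["Windows Registry Editor Version 5.00", "",
    r"[HKEY_CURRENT_USER\Software\ExampleVendor\Updater]",
    r'"Path"="C:\\Program Files\\Example\\update.exe"',
    r'"Help"="Run powershell.exe Get-Help for usage"',
    f'"Task"="powershell.exe -NoP -W Hidden -Enc {_PAYLOAD}"',
])

if __name__ == "__main__":
    print(scan_reg_export(SAMPLE))
```

Only the `Task` value is reported: the `Help` value mentions PowerShell but carries none of the indicators, and decoding the encoded argument lets an analyst read the stored command without running it.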
- A massive attack on Polish banks, with the malware traced back to the financial regulator.
Why is this significant?
- Several banks reported “unusual network traffic and found encrypted executables on several servers.” The banks then began sharing information with each other, and more banks came forward reporting similar issues.
- The Financial Supervision Authority (KNF), the Polish financial regulator, confirmed that their internal systems had been compromised by someone “from another country”. Threat actors typically use a proxy server to mask their addresses and avoid attribution.
- After it was discovered that KNF’s servers were spreading malware to the banks, a decision was made to take KNF's entire system offline, "in order to secure evidence."
Read the full story on The Register
- InterContinental Group confirms 12 of their hotels were breached.
Why is this significant?
- Apparently, this breach took place from August-December of 2016.
- It is unknown which locations were affected, but it looks to be another PoS malware attack.
- In December 2016, a cyber-security company was hired to investigate a possible breach. InterContinental's Kimpton Hotels announced a breach in August. Last year, there was a string of malware attacks on hotels that reported similar breaches, hitting Hilton, Hyatt, Kimpton, Mandarin Oriental, Starwood, Trump, and White Lodging hotels.
Read the full story on Forbes