Cybersecurity in 120 Secs: Cyber-Attacks on Banks


This week, the focus seems to be on financial systems as a target of cyber-attacks: a fileless malware has hit at least 140 enterprise networks, a massive malware attack that stemmed from their financial regulator hit Polish banks, and another PoS attack, which hit twelve InterContinental hotels, was published. (enSilo endpoint security protects against this, and more.)

Highlighting the cybersecurity news from the past week in a 120 second read. Starting now.

Bank Cyber-Attacks

  1. Fileless malware is targeting banks. It was first discovered in 2014, but was withheld from the public.

Why is this significant?

  • 140 enterprise networks were already hit, and likely many more, because this threat is so difficult to detect. The malware executes directly in the device’s RAM/memory, and then the “payloads are directly injected into the memory of running processes.”
  • Forensics indicate that the attackers “leveraged Windows PowerShell to load the Meterpreter code directly into memory rather than writing it to the disk.” The attackers then covered their trail by hiding the PowerShell commands in the Windows registry.
  • Fileless malware is difficult to detect for AVs and NGAVs, which are built around detecting malicious files. However, the damage caused by the malware once it is inside could be prevented in real time, so the goal of the attacker is never realized.

Read the full story on The Hacker News.
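
A defender's check for the registry trail described above, as an added example that is not from the original post or from enSilo: it scans the text of a registry export for string values that hold a PowerShell command line and decodes any encoded command for review. It assumes the export has already been decoded to text and covers plain string values only; the key names, value names and sample data are constructed.

```python
import base64
import re

POWERSHELL = re.compile(r"powershell(?:\.exe)?", re.I)
# -EncodedCommand and its abbreviations (-e, -ec, -enc, ...) followed by base64
ENCODED = re.compile(r"-e[ncodema]*\s+([A-Za-z0-9+/]{16,}={0,2})", re.I)
# "Name"="data" or @="data" (default value), with backslash escapes in both
VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def scan_reg_export(text):
    """Return triage leads: string values that hold a PowerShell command line."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE.match(line)
        if not m or key is None:
            continue
        name, data = m.group(1) or "(Default)", unescape(m.group(2))
        if not POWERSHELL.search(data):
            continue
        decoded = None
        enc = ENCODED.search(data)
        if enc:
            try:  # PowerShell encoded commands are base64 over UTF-16LE text
                decoded = base64.b64decode(enc.group(1), validate=True).decode("utf-16-le")
            except ValueError:
                decoded = "<undecodable>"
        findings.append({"key": key, "value": name, "decoded": decoded})
    return findings

# Constructed sample (not from the incident); key and value names are hypothetical.
_B64 = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode()
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Updater]",
    r'"InstallDir"="C:\\Program Files\\ExampleVendor"',
    '"Task"="powershell.exe -NoP -W Hidden -enc ' + _B64 + '"',
    r"[HKEY_CURRENT_USER\Software\ExampleApp]",
    r'@="powershell -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1"',
])

if __name__ == "__main__":
    print(*scan_reg_export(SAMPLE), sep="\n")
```

A value with a decoded command deserves a closer look than one that simply launches a script file, since legitimate software also stores PowerShell command lines in the registry.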

  2. A massive attack on Polish banks, with the malware traced back to the financial regulator.

Why is this significant?

  • Several banks reported “unusual network traffic and found encrypted executables on several servers.” The banks then began sharing information with each other, and more banks came forward reporting similar issues.
  • The Financial Supervision Authority (KNF), the Polish financial regulator, confirmed that its internal systems had been compromised by someone “from another country.” Threat actors typically use a proxy server to mask their addresses and avoid attribution.
  • After it was discovered that KNF’s servers were spreading malware to the banks, a decision was made to take KNF's entire system offline, “in order to secure evidence.”

Read the full story on The Register.

(Read more about keeping financial institutions safe.)


InterContinental Group confirms 12 of their hotels were breached.

Why is this significant?

  • Apparently, this breach took place from August-December of 2016.
  • It is unknown which locations were affected, but it looks to be another PoS malware attack.
  • In December 2016, a cyber-security company was hired to investigate a possible breach. InterContinental's Kimpton Hotels announced a breach in August. Last year, there was a string of malware attacks on hotels that reported similar breaches, hitting Hilton, Hyatt, Kimpton, Mandarin Oriental, Starwood, Trump, and White Lodging hotels.

Read the full story on Forbes.

Read more about how attacks on retail PoS systems are on the rise.

Endpoint protection is what enSilo does.
