By SecureWorld News Team
Mon | Oct 9, 2017 | 1:32 PM PDT

A new security research report says the group behind the FIN7 attacks on the retail and point-of-sale (POS) sector is outsmarting single-layer, signature-based antivirus detection.

"FIN7 has been constantly adapting their phishing documents in order to evade detection—their latest update has initial detections on VirusTotal of 0/59 and 1/59 for the RTF and DOCX formats, respectively," say researchers with ICEBRG's Security Research Team (SRT).

FIN7's modus operandi is to phish employees at a retail organization to gain a foothold on its network, then pivot to that outlet's point-of-sale system to capture card and payment data. And these attacks are becoming more sophisticated.

"Recently, ICEBRG observed a shift in techniques including a modified payload that uses a new embedded file type. Additionally, FIN7 has modified the obfuscation utilized by their HALFBAKED backdoor—likely to avoid detection in new or ongoing campaigns."

Figure 1

"... the HALFBAKED backdoor now includes a built-in command called 'getNK2'... is designed to retrieve the victim’s Microsoft Outlook email client auto-complete list. This may suggest the actor’s desire to obtain new phishing targets within a victim organization."
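The getNK2 command goes after the Outlook auto-complete (nickname) cache, which on disk is a <profile>.nk2 file under %APPDATA%\Microsoft\Outlook for Outlook 2007 and earlier, or Stream_Autocomplete_*.dat under %LOCALAPPDATA%\Microsoft\Outlook\RoamCache for Outlook 2010 and later. A practical way to catch this behavior is to audit reads of those files (for example with a SACL and Windows object-access auditing) and alert when anything other than Outlook itself reads them. The check below is an added example, not code from the page, from ICEBRG, or from the HALFBAKED sample; the event records are constructed and simplified (process, path, access, user) rather than a real Windows event format, and the list of expected readers is an assumption you would tune for your own estate.

```python
import re
from pathlib import PureWindowsPath

# Locations of Outlook's auto-complete cache (documented Outlook behaviour):
#   Outlook 2007 and earlier : %APPDATA%\Microsoft\Outlook\<profile>.nk2
#   Outlook 2010 and later   : %LOCALAPPDATA%\Microsoft\Outlook\RoamCache\Stream_Autocomplete_*.dat
NK2_PATTERNS = [
    re.compile(r"\\Microsoft\\Outlook\\[^\\]+\.nk2$", re.IGNORECASE),
    re.compile(r"\\Microsoft\\Outlook\\RoamCache\\Stream_Autocomplete_[^\\]+\.dat$", re.IGNORECASE),
]

# Processes that legitimately read the cache. Assumption: only Outlook itself;
# add backup or migration tools here if your environment uses them.
EXPECTED_READERS = {"outlook.exe"}


def is_autocomplete_store(path: str) -> bool:
    """True if the path points at an Outlook auto-complete cache file."""
    return any(p.search(path) for p in NK2_PATTERNS)


def suspicious_reads(events):
    """Return the events where a non-Outlook process read an auto-complete store.

    Each event is a dict with keys: process (full image path), path (file read),
    access ("read" or "write"), user. This shape is constructed for the example.
    """
    hits = []
    for ev in events:
        if ev.get("access") != "read":
            continue  # the backdoor only needs to read the cache
        if not is_autocomplete_store(ev["path"]):
            continue
        image = PureWindowsPath(ev["process"]).name.lower()
        if image in EXPECTED_READERS:
            continue  # Outlook reading its own cache is normal
        hits.append(ev)
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"process": r"C:\Program Files\Microsoft Office\Office16\OUTLOOK.EXE",
     "path": r"C:\Users\alice\AppData\Local\Microsoft\Outlook\RoamCache\Stream_Autocomplete_0_ABCD1234.dat",
     "access": "read", "user": "alice"},
    {"process": r"C:\Windows\System32\wscript.exe",
     "path": r"C:\Users\alice\AppData\Local\Microsoft\Outlook\RoamCache\Stream_Autocomplete_0_ABCD1234.dat",
     "access": "read", "user": "alice"},
    {"process": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "path": r"C:\Users\bob\AppData\Roaming\Microsoft\Outlook\Outlook.nk2",
     "access": "read", "user": "bob"},
    {"process": r"C:\Windows\explorer.exe",
     "path": r"C:\Users\bob\Documents\invoice.docx",
     "access": "read", "user": "bob"},
    {"process": r"C:\Windows\System32\wscript.exe",
     "path": r"C:\Users\alice\AppData\Roaming\Microsoft\Outlook\Outlook.nk2",
     "access": "write", "user": "alice"},
]


if __name__ == "__main__":
    for hit in suspicious_reads(SAMPLE_EVENTS):
        print(f"ALERT user={hit['user']} process={hit['process']} read {hit['path']}")
```

Run as-is it flags the wscript.exe and powershell.exe reads and ignores Outlook's own access, the unrelated document, and the write event. The same logic ports directly to a SIEM query: filter object-access events on the two path patterns, then exclude the Outlook image name.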

You can read ICEBRG's full FIN7 methodology update, which details how the group's backdoor keeps improving in the attackers' favor.

Cybersecurity is proving to be like the stock market, where "Past performance is no guarantee of future results."

We've kept cyber attackers out today, but can we do it again tomorrow?

For the latest cybersecurity news follow SecureWorld on LinkedIn, Twitter, or Facebook.