What Are Fileless Banking Attackers Really After?
In February 2017, Kaspersky published research on fileless malware attacks against enterprise networks. It described the data collected during incident response at several financial institutions around the world and explored how attackers moved through enterprise networks while leaving no traces on the hard drives. The goal of these attackers was money, and the best way to cash out and leave no record of transactions is through the remote administration of ATMs. This time, the company's experts researched the methods and techniques used by the attackers in the second stage of their attacks against financial organizations, which in essence enabled remote administration of ATMs.
Lessons from Stage 1: fileless malware attacks against enterprise networks
- This attack shows that no malware samples are needed to successfully exfiltrate data from a network.
- The use of common tools combined with different tricks makes detection very hard.
- The determination of attackers to hide their activity and make detection and incident response increasingly difficult explains the latest trend of anti-forensic techniques and memory-based malware. That is why memory forensics is becoming critical to the analysis of malware and its functions.
- Incident response is the key.
Lessons from Stage 2: ATMitch
- Banks should protect their ATMs, not only bank infrastructure!
- Kaspersky Embedded Systems Security is the answer
Learn how a network can be breached using hidden malware. Over 140 organizations around the world were hit like this.
Kaspersky examines near-future threats to ATMs, investigating how cybercriminals could exploit new ATM authentication technologies planned by banks.
Discovered in 2009, Skimer was the first malware to target ATMs. Seven years later, cybercriminals are reusing it: both the crooks and the program have evolved.
Kaspersky experts discover why it’s so easy to make an ATM obey hacker commands.