SafeUM
Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
TOP Security!
16 May 2016

Windows zero-day exposes companies to credit card data theft

Some of the attacks launched in March by a financially-motivated threat actor against organizations in North America involved a zero-day privilege escalation vulnerability affecting Windows.

According to FireEye, this sophisticated cybercrime group targeted more than 100 companies — mainly in the retail, hospitality and restaurant sectors.

The attackers used spear-phishing emails carrying malicious macro-enabled Word documents to deliver PUNCHBUGGY, a DLL downloader that allowed them to interact with the compromised system and move laterally in the victim’s network. The threat group has also leveraged point-of-sale (PoS) malware, dubbed “PUNCHTRACK” by FireEye, to steal Track 1 and Track 2 payment card data from infected devices. Researchers noted that the malware is loaded and executed by a highly obfuscated launcher and is designed never to touch the device’s disk.

In some of the attacks observed by FireEye in March, the threat actor relied on a local privilege escalation vulnerability in Windows (CVE-2016-0167) that was unknown at the time. The security firm reported spotting the zero-day exploit in limited targeted attacks dating back to March 8. Microsoft patched the flaw on April 12 with the MS16-039 bulletin and further strengthened Windows against similar attacks with an update released this week (MS16-062).

Researchers said the attackers first compromised the targeted systems and achieved remote code execution via the malicious documents attached to spear-phishing emails, and then they used the CVE-2016-0167 exploit to run code with SYSTEM privileges. FireEye has been monitoring this threat group for the past year and determined that it’s the only threat actor to use the PUNCHBUGGY downloader and the PUNCHTRACK PoS malware in its operations.

“This actor has conducted operations on a large scale and at a rapid pace, displaying a level of operational awareness and ability to adapt their operations on the fly. These abilities, combined with targeted usage of a [privilege escalation] exploit and the reconnaissance required to individually tailor phishing emails to victims, potentially speaks to the threat actors’ operational maturity and sophistication,” FireEye researchers wrote in a blog post.

This is not the only sophisticated cybercrime group monitored by FireEye. Last month, the company detailed the activities of a threat actor dubbed “FIN6” that stole millions of payment card records from PoS systems. Experts believe FIN6 could have made a significant profit after selling the stolen information on an underground marketplace.

Tags: Windows, information leaks, USA

Source: SecurityWeek