Weekly Threat Briefing: 70% of Presidential Campaigns Fail to Provide Adequate Online Privacy and Security Protections

October 15, 2019 | Anomali Labs

The intelligence in this week’s iteration discusses the following threats: BEC, Botnet, Data breach, Data leak, FIN7, Phishing, Ransomware, Vulnerability, and Zero-day. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.

Observed Threats

This section includes the top threats observed from the Anomali Community user base as well as sensors deployed by Anomali Labs. A ThreatStream account is required to view this section. https://www.anomali.com/products

FIN7

The financially motivated threat group “FIN7” has been active since at least mid-2015 and has targeted various industries around the world with the objective of stealing financial data, primarily credit and debit card data. The group is Russian-speaking and operates on a global level. FIN7 is one of the most notorious financial groups: the theft of over 15 million payment card records has been attributed to it, along with approximately one billion dollars (USD) in losses to organizations around the world. In the United States (US) alone, the group has targeted over 100 companies and compromised the networks of organizations in 47 states and the District of Columbia. The group primarily targets high-usage Point-of-Sale (POS) terminals to steal payment card data, and it uses a mix of custom and open-source malware and tools to attack its targets. FIN7 also created a fake computer security company called “Combi Security” to serve as a front of legitimacy and to recruit members to participate in its malicious activities. Combi Security is purported to be based in Russia and Israel. The group engages in social engineering techniques ranging from custom phishing emails and documents to phone calls with store managers. The group sells the financial data on various underground carding forums or uses the information itself for fraudulent activities.

 