This report highlights recent cyber threats targeting the financial sector, specifically focusing on malware and phishing incidents, credit card information leaks, database breaches, and ransomware attacks. Notable cases include the sale of Indian credit card details on forums, a significant database leak from Union**** bank, and ransomware infections affecting fintech companies. The report underscores the need for enhanced security protocols and monitoring to protect customer data. Affected: financial industry, Union**** bank, next**** fintech company, U.S. insurance company
Keypoints :
- Cyber threats and security issues are on the rise in the financial industry.
- Analysis includes malware and phishing cases, particularly targeting financial institutions.
- Details about leaked credit card information being auctioned on forums are highlighted.
- Significant database leak of employee information from Union**** bank in India.
- Ransomware group Fog attacks Indonesian fintech company next**** with substantial data theft.
- Threat actors are selling remote access permissions for internal systems of U.S. companies.
MITRE Techniques :
- Data Encrypted for Impact (T1486): The ransomware group Fog encrypted data belonging to next**** to compel a ransom.
- Credential Dumping (T1003): The threat actor claimed to have stolen local network user privileges from the U.S. insurance company.
- Data Exfiltration Over Command and Control Channel (T1041): The threat actor used GitLab to share stolen data from next****.
- Initial Access (T1078): Remote Desktop Web Access (RDWeb) of an American insurance company was compromised and sold in the cybercrime forum.
- Data Leak (T1041): Employee data from Union**** bank was leaked and showcased on BreachForums.
Indicator of Compromise :
- [MD5] 2a5ff24f34c7c80ae0fe9ad74ae3fb32
- [MD5] 53213dcf87be6e75581f88123bd04ce7
- [MD5] 7cd47b1553005cc9797c97316dc96477
- [MD5] 9ca11896ae53fa4e78b9b51ee8f2ae8f
- [MD5] 9e92e9ce7590ed22aa7d3f4cdbdc7a48
Full Story: https://asec.ahnlab.com/en/86831/