(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 


To understand why Carbanak is one of the Internet's most skilled and successful criminal groups, consider the recent spear-phishing campaign it used to infect computers in the hospitality and restaurant industries with malware that steals banking credentials.

One variation started with an e-mail threatening a lawsuit because a visitor got sick after eating at one of the company's restaurants. To increase the chances the attached Microsoft Word document is opened, the attackers personally follow up with a phone call encouraging the recipient to open the booby-trapped file and click inside. The attacker calls back a half-hour later to check if the recipient has opened the document. The attacker immediately hangs up in the event the answer is yes.

Behind the scenes, macros embedded inside the Word document infect the employee's computer with a trojan that surreptitiously takes screenshots and retrieves credit card data and other sensitive banking credentials. The trojan then attempts to infect other computers on the same network in an attempt to steal additional loot. And all because the attacker, who is halfway around the globe, made a compelling case that it was in the employee's best interests to open the document and allow the embedded macro to run.
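The infection chain above hinges on a macro-bearing Word attachment reaching a user who has been talked into enabling it. A mail gateway or sandbox can flag such attachments before the phone call ever matters. The following is an added example, not code from the original article or from any vendor or tool it mentions: it classifies a Word attachment by its content rather than its file extension. Macro-enabled OOXML files (.docm/.dotm) are ZIP containers that carry the VBA project as `word/vbaProject.bin` and declare a `macroEnabled` content type; a plain .docx has neither. Legacy binary .doc files are OLE compound files, where macro detection needs an OLE parser, so they are only flagged for deeper inspection here. The `build_sample` helper constructs minimal container-shaped inputs for offline testing; they are not real documents.

```python
"""Flag Word attachments that can carry VBA macros (added example).

Checks the container's content, not the file extension, so a macro-enabled
file that has been renamed still gets caught.
"""
import io
import zipfile

# Magic bytes of an OLE compound file (legacy .doc) and of a ZIP (OOXML).
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"

# ZIP entries that only exist in a macro-enabled Word document.
MACRO_PARTS = {"word/vbaProject.bin", "word/vbaData.xml"}


def classify_word_attachment(data: bytes) -> str:
    """Return one of: 'ooxml-macro', 'ooxml-clean', 'ole-legacy', 'not-word'."""
    if data.startswith(OLE_MAGIC):
        # Binary .doc: macros live in a 'Macros' storage inside the OLE file;
        # this example does not parse OLE, so hand it to a deeper inspector.
        return "ole-legacy"
    if not data.startswith(ZIP_MAGIC):
        return "not-word"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            if "[Content_Types].xml" not in names:
                return "not-word"
            ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return "not-word"
    # Either the VBA part itself or the macro-enabled content type is enough.
    if (names & MACRO_PARTS) or "macroEnabled" in ctypes:
        return "ooxml-macro"
    return "ooxml-clean"


def build_sample(macro: bool) -> bytes:
    """Construct a minimal OOXML-shaped ZIP for testing (constructed input, not a real document)."""
    main_ct = (
        "application/vnd.ms-word.document.macroEnabled.main+xml"
        if macro
        else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(
            "[Content_Types].xml",
            '<Types><Override PartName="/word/document.xml" ContentType="%s"/></Types>' % main_ct,
        )
        zf.writestr("word/document.xml", "<w:document/>")
        if macro:
            zf.writestr("word/vbaProject.bin", b"\x00")  # placeholder VBA project bytes
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [
        ("macro-enabled sample", build_sample(True)),
        ("plain sample", build_sample(False)),
        ("legacy OLE header", OLE_MAGIC + b"\x00" * 16),
        ("random bytes", b"not a document"),
    ]:
        print(f"{label:22s} -> {classify_word_attachment(blob)}")
```

In practice the `ooxml-macro` and `ole-legacy` results would feed a quarantine or detonation queue; the point of classifying by content is that a hostile sender controls the filename and extension, while the ZIP entries and content types are what Word actually acts on.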


 
Google Android Qualcomm Components CVE-2014-9946 Unspecified Security Vulnerability
 
Google Android Qualcomm Components CVE-2014-9950 Unspecified Security Vulnerability
 
Google Android Qualcomm Sound Driver CVE-2017-0611 Privilege Escalation Vulnerability
 
Google Android Mediaserver CVE-2017-0595 Privilege Escalation Vulnerability
 
Google Android Qualcomm Camera Driver CVE-2017-0629 Information Disclosure Vulnerability
 
Google Android Qualcomm Wi-Fi Driver CVE-2016-10283 Privilege Escalation Vulnerability
 
 
Google Android Motorola Bootloader CVE-2016-10277 Privilege Escalation Vulnerability
 
Google Android Qualcomm Driver CVE-2017-0614 Privilege Escalation Vulnerability
 
Google Android Qualcomm Bootloader CVE-2016-10276 Privilege Escalation Vulnerability
 
Google Android Qualcomm Bootloader CVE-2016-10275 Privilege Escalation Vulnerability
 
Microsoft Windows Kernel 'Win32k.sys' Local Privilege Escalation Vulnerability
 
Google Android Qualcomm Sound Codec Driver CVE-2017-0632 Information Disclosure Vulnerability
 
Google Android Qualcomm CVE-2017-0612 Privilege Escalation Vulnerability
 
Google Android Mediaserver CVE-2017-0588 Remote Code Execution Vulnerability
 
Google Android Mediaserver CVE-2017-0589 Remote Code Execution Vulnerability
 
ImageMagick CVE-2017-8343 Denial of Service Vulnerability
 
Google Android File-based Encryption CVE-2017-0493 Information Disclosure Vulnerability
 
Zimbra Collaboration Suite CVE-2017-6821 Unspecified Security Vulnerability
 