Restaurants Targeted By Malware: New Attack Goes Undetected By Antivirus Tools
Security researchers have discovered a malware attack targeting restaurants throughout the United States that utilizes new techniques to go undetected by most antivirus software.
The strand of malicious software spotted by security firm Morphisec avoids detection by security tools by carrying out its operations from the computer memory rather than being written on the infected machine’s hard drive.
Read: Chipotle Hacked: Credit Card Breach, Malware Hit 'Most' Locations, Restaurant Reports
Despite its new method of evasion, this attack arrives similar to many other strands of malware before it: it comes attached in a booby-trapped Microsoft Word document sent as part of a phishing scam. The emails are tailored to the recipient, and the attached files often bears the name of the restaurant being targeted.
To install on the victim’s machine, Microsoft Word either needs to have Protected View—a feature that prevents users from opening files from unknown sources—disabled or the user has to bypass the warning to open the content of the file.
In either case, malicious code hidden in supposed Word document will create two separate files in two separate directories on the machine: the first creates a Windows task scheduled to execute the code stored in the second file.
By breaking the code into two parts and delaying the execution with the scheduled task, the attack can bypass most security tools that analyze malicious behavior by creating the appearance that the two files aren’t communicating with one another.
Read: Shoney's Hacked: Malware Hits 37 Shoney's Restaurants, Credit Card Credentials Stolen
Because of the technique FIN7 has used, which leaves no trace of the attack written directly to the hard drive, most antivirus programs are unable to detect it. 56 widely used security tools couldn’t identify the attack when tested by Virus Total.
The novel attack isn’t the first to use such a tactic to avoid detection, but prior cases were usually carried out by state-sponsored actors going after high-profile targets. In this case, a hacking group known as FIN7 is using the attack for financially motivated reasons.
"FIN7 constantly upgrades their attacks and evasion techniques, thus becoming even more dangerous and unpredictable," Morphisec Vice President of Research and Development Michael Gorelik wrote in a blog post identifying the attack. "The analysis of this attack shows, how easy it is for them to bypass static, dynamic and behavior-based solutions. These attacks pose a severe risk to enterprises.”
Restaurants in the U.S. have already been subject to a number of malware attacks in recent months, primarily targeted toward the point-of-sales systems that process transactions.
Chipotle disclosed that “most” of its locations were hit by malware earlier this year that was capable of stealing cardholder names along with card numbers, expiration dates and verification codes. Similarly, a number of Shoney’s restaurant locations were hit by an attack that resulted in customer credit card information being compromised.
Newsweek’s Structure Security conference on Sept. 26-27 in San Francisco will highlight the best practices that security professionals are using to protect some of the world's largest companies and institutions, join us for two days of talks, workshops and networking sessions with key industry players - register now.
© Copyright IBTimes 2024. All rights reserved.