Cybersecurity Threat Advisory: Disguised Windows Files and Documentation
Posted on September 20, 2021 by Mike Beagles
As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.
Today there is a new critical alert that requires the mission-critical community’s immediate attention.
What is the Threat?
Why Is it Noteworthy?
According to the U.S. Department of Justice, FIN7 is responsible for stealing million 15 million credit-card records from 6,500 POS terminals since 2018. Additionally, the group reportedly has ties to other cyberattack groups, such as Carbanak and the notorious REvil ransomware gang. This campaign of malicious Word documents creates a backdoor for cyberattackers on the compromised machine, which then provides them with full access to the device and the potential to move laterally within the network. Future collaboration with other threat groups such as REvil would enable the seamless distribution of ransomware or other forms of malware through the backdoor created by this threat.
What Is the Risk?
What are the Recommendations?
MCP recommends the following actions:
- Block the following IOCs on any firewalls
- Continuously train employees on security awareness and recognizing phishing attacks, as most malicious documents of this nature come via phishing campaigns.
- Ensure that antivirus definitions are up to date.
For more in-depth information about the recommendations, please visit the following links:
If you are looking for guidance, please reach out. MCP offers a comprehensive cybersecurity solutions suite that is designed specifically for public safety and justice entities and other critical infrastructure organizations, to help them determine their network, data, and application vulnerabilities. We can help you develop a complete cyberattack prevention strategy. Contact us today to learn more.