FIN8 is Back, Targeting Hotel PoS Systems
NJCCIC Alert
Original Release Date: 2019-06-19
The hacking group FIN8 is back after a two-year hiatus. According to cybersecurity firm Morphisec, the group is targeting point-of-sale (PoS) systems at companies in the hospitality sector using a new variant of the PunchBuggy/ShellTea backdoor. This backdoor downloads PowerShell code that collects network and user information. The group reportedly targeted at least one hotel located in the US.
The NJCCIC recommends individuals ensure they are using chip-and-PIN cards for payments, as opposed to swiping, and for administrators to keep PoS systems updated and behind a firewall. More information and technical details can be found in the Morphisec blog post.
Featured Content
- Disaster Relief and Tragedy-Related Scams>
- Flaw in Cosmo DB Could Allow Access to Databases>
- Threat Actors Use Messaging Service as Phishing Lure>
- Back-to-School Cybersecurity>
- Patch Now: Active Exploitation of Microsoft Exchange ProxyShell Vulnerabilities >
- T-Mobile Breach>
- Test Your Cybersecurity Knowledge - Take Our Cyber Quiz Today>
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.