How TA505 Targets Financial Institutions_

Webinar with Josh Trombley, SOC Analyst




In this webinar, Josh Trombley, SOC Analyst at Cybereason, will discuss a meticulously planned malicious operation against a financial institution in April of 2019. This advanced operation combines a targeted phishing attack with advanced tools that gather intel on the environment. The operation chooses whether or not to create persistence and installs a sophisticated backdoor called ServHelper used to take over the victim’s network.

You will learn:

  • How the Cybereason team discovered and analyzed a new variant of the ServHelper backdoor;
  • How TA505 targeted specific machines and attempted to create a backdoor into the organization’s network in order to covertly take control and exfiltrate data;
  • The different techniques this attack leveraged to evade detection, like the use of four different LOLBins, a selective persistence mechanism, and a signed and verified module; and
  • How TA505 targeted this attack to a specific organization to affect wide scale damage and the loss of critical data.

Financial institutions are among the top five most targeted organizations by cybercrime groups. In 2017 alone, banks lost $16.8 billion to cybercrime. Read about this new campaign by TA505 to learn more.