Researcher to Release Free Attack Obfuscation Tool

February 21, 2018

Advanced nation-state and cybercrime groups are increasingly hiding behind legitimate Microsoft Windows functions to mask their hacks – and their latest method ups the ante in abuse of the basic command prompt.

The FIN7 (aka Carbanak) cybercrime gang, known for attacking banks and, most recently, the hospitality and restaurant industries, was spotted by FireEye last year exploiting the cmd.exe Windows binary. Their unique use of the technique inspired Daniel Bohannon, senior applied security researcher for Mandiant, a FireEye company, to create a tool that helps organizations better defend against attackers who hide their payloads behind legitimate Windows commands.

Read More on Dark Reading