Contact Us
Blog

8 Immediate Steps post resurfacing of Fake Response Malware

Fake response malware

Recent media articles pertaining to Malware Attack on the payment switch application of one oldest co-operative and losses been reported is disturbing for us at SISA.

SISA on 20th December 2017 had issued a global advisory warning banks that cyber criminals were identified who were using fake response malware to inject malicious script to payment switch servers for generating fake response messages to the request received from payment brands.

However, considering the resurfacing of this attack, more importantly, as part of our PFI activity the intruder is there in the system for more than a year. Hence, we can’t prevent a breach, but at-least, we will be able to stop lateral movement and egress point. Unless there is egress, the intruder hasn’t succeeded.

We are recommend the following immediate steps that banks can implement proactively in order to secure the payment switch applications and network environment:

  1. Enable multi-factor authentication for any users to login to the Switch Application Server
  2. Enable IP table to restrict only authorized systems access to the switch server
  3. Reset the password of all privileged users in the Switch Application Server
  4. Reach out to your Payment Forensic Investigator (PFI), authorized by the payment brands and listed on PCI Council website, within 24 hours of any suspicion
  5. Conduct a credential based vulnerability assessment scan. A non-credential based vulnerability assessment scan has limitations in identifying all the vulnerabilities present in the servers/network components.
  6. Conduct web application penetration testing for all web-interfaces present in the network. All applications which have a web-interface, whether internal or external needs to be tested.
  7. Instruct your Security Operations Centre to identify any similar Indicators of Compromise (IOCs). Also as part of the S-SOC operations, have thread hunting activity carried out for this particular IOC.
  8. Ensure PCI DSS certification for scoped environment and deploy PA-DSS validated application by Authorized QSA’s listed on PCI Security Standard council website.

 

Site Name

SISA is a global forensics-driven cybersecurity solutions company, trusted by leading organizations for securing their businesses with robust preventive, detective, and corrective cybersecurity solutions. Our problem-first, human-centric approach helps businesses strengthen their cybersecurity posture.

Industry recognition by CREST, CERT-In and PCI SSC serves as a testament to our skill, knowledge, and competence.

We apply the power of forensic intelligence and advanced technology to offer true security to 2,000+ customers in 40+ countries.

Company

Services

Resources

Quick Links

Connect with us

Copyright © 2024 SISA. All Rights Reserved.
SISA’s Latest
close slider

Knowledge Lounge

Newly Launched: SISA’s Knowledge Lounge

Weekly Threat Watch

SISA Weekly Threat Watch, 01 January 2024

Agent Tesla exploits MS Excel flaw in ongoing phishing attacks

Blog

xss test

Webinar

Data Privacy trends in 2023 & their impact on data security strategy

Case Study

testing for ssti

Whitepaper

SISA – Canvas Edition2

Events

SISA at RSA CONFERENCE 2024

Infosec Report

SISA Top 5 Forensics Driven Learnings Report 2022 Cover

SISA Top 5 Forensics Driven Learnings 2022-23

Sign up for SISA's Daily
Threat Watch Advisory
Subscribe now!