Edenred Payment Solutions Malware Incident

Payment solutions giant Edenred today revealed in a statement that a malware incident affected an undisclosed number of its computing systems. The company has opened an investigation to establish the extent of the infection. Edenred is a French company that operates an intermediation platform spanning 46 countries and connecting 50 million employees and two million partner merchants via 830,000 corporate clients. “Upon detection of the attack, Edenred immediately implemented countermeasures to prevent further infection in accordance with Edenred’s established cybersecurity policies,” the company said in a statement published November 21st, 2019. The company also stated that it was notifying all relevant government regulators and authorities of the malware incident. Edenred has not provided any further information on the incident at this time.

Analyst Notes

Very little is known about this incident, but there are some proactive steps that organizations can take to prevent or minimize malware damage. Educating employees on how to recognize phishing, the primary method of virus distribution, should be a priority. Publishing training bulletins is insufficient; instead, show employees examples of the different types of phishing emails through active testing and phishing simulation. It is also recommended to perform routine penetration tests on critical systems, or have a third-party agency perform them, especially on systems used for financial services or payment processing. Companies like TrustedSec are experts at performing penetration tests and providing practical advice for improving security measures. Endpoint detection systems are crucial in any company’s infrastructure: these systems are capable of detecting signs of attacker behavior and giving defenders the chance to shut down attacks before they have a chance to do serious damage. The Binary Defense Security Operations Center is able to provide a 24-hour-a-day service that keeps an eye on systems and responds quickly to mitigate attacks, even outside of business hours.