
New Russian-speaking hacking group hunts for financial organizations

DECCAN CHRONICLE
Published : Nov 3, 2017, 1:04 pm IST
Updated : Nov 3, 2017, 1:04 pm IST


In September 2017 Kaspersky Lab researchers identified a new series of targeted attacks against at least 10 financial organizations in multiple regions including Russia, Armenia, and Malaysia. The attacks are being carried out by a new group called Silence.

While stealing funds from its victims, Silence uses techniques similar to those of the infamous threat actor Carbanak. The attacks are still ongoing. Silence joins the ranks of the most devastating and complex cyber-robbery operations, such as Metel, GCMAN and Carbanak, which have succeeded in stealing millions of dollars from financial organizations. Most of these operations follow the same approach: they gain persistent access to internal banking networks for a long period, monitor day-to-day activity, examine the details of each separate bank network, and then, when the time is right, use that knowledge to steal as much money as possible.

 

This is exactly the case with Silence Trojan – which compromises its victim’s infrastructure via spear phishing emails. The malicious attachments to the emails are quite sophisticated. Once the victim opens them, it takes just one click to initiate a series of downloads and finally execute the dropper.

The dropper communicates with the command and control server, sends the ID of the infected machine, and downloads and executes malicious payloads responsible for tasks such as screen recording, data uploading, credential theft and remote control.

Interestingly, the criminals exploit the infrastructure of already infected financial institutions for new attacks, sending emails from real employee addresses to a new victim along with a request to open a bank account. With this trick, the criminals make sure the recipient does not suspect the infection vector.

 

When cybercriminals gain persistence in the network they start to examine it. The Silence group is capable of monitoring its victim’s activities, including taking multiple screenshots of the victim’s active screen, providing a real-time video stream of all the victim’s activities, etc.

All of these features serve one purpose: to understand the victim’s day-to-day activity and obtain enough information to eventually steal money. This process and style strongly resemble the techniques of Carbanak.

Based on language artifacts found during their research into the malicious components of this attack, Kaspersky Lab security researchers have concluded that the criminals behind the malicious Silence attacks speak Russian.

 

 

“The Silence Trojan is a fresh example of cybercriminals shifting from attacks on users to direct attacks on banks. We have seen this trend growing recently, as more and more slick and professional APT-style cyber-robberies emerge and succeed. The most worrying thing here is that due to their in-the-shadow approach, these attacks may succeed regardless of the peculiarities of each bank’s security architecture,” notes Sergey Lozhkin, security expert at Kaspersky Lab.

Kaspersky Lab researchers advise organizations to take the following measures, in order to protect themselves from possible cyberattacks:

Use a specialized solution against advanced threats that can detect all types of anomalies and scrutinize suspicious files at a deeper level to reveal, recognize and uncover complex attacks – like Kaspersky Anti Targeted Attack Platform.

 

Eliminate security holes altogether, including those involving improper system configurations or errors in proprietary applications. For this, Kaspersky Penetration Testing and Application Security Assessment services are a convenient and highly effective solution, providing not only data on found vulnerabilities, but also advising users on how to fix them, further strengthening corporate security.

Configure strict email processing rules and enable security solutions with dedicated functionality aimed at phishing, malicious attachments and spam – for example, cloud-assisted anti-phishing and attachment-filtering in Kaspersky Endpoint Security and targeted security solutions for email protection.

 
