A deadly new hacking group called Silence that preys on banks and other financial organisations has been identified launching attacks in countries including Russia and Malaysia.
Spearfishing emails are the preferred method of gaining entry for the group, and once access is gained the hackers remain inside the breached organisation for a long time.
During this period of time the hackers amass Intel to work out when would be most profitable time to strike, closely monitoring separate bank networks.
Due to this method of attack, the Silence Trojan is considered by Kaspersky Lab, identifier of the threat, to join previous cyber theft operations including GCMAN, Carbanak and Metel as being among the most complex and powerful of its kind.
While spearfishing may not be the most sophisticated form of attack, Kaspersky notes that the malicious attachments are. One click will spark a chain reaction of downloads that will trigger a dropper that seals the fate of the victim.
The attack is then able to communicate with the server, ultimately taking control and unleashing malicious payloads upon it.
Once inside the attackers can actually put a real-time video stream in place for spying on and watching the day to day activity of the victim, with screenshots easily being taken.
Sergey Lozhkin, security expert at Kaspersky Lab, said: “The Silence Trojan is a fresh example of cybercriminals shifting from attacks on users to direct attacks on banks. We have seen this trend growing recently, as more and more slick and professional APT-style cyber-robberies emerge and succeed. The most worrying thing here is that due to their in-the-shadow approach, these attacks may succeed regardless of the peculiarities of each bank’s security architecture.”
Steps to remain protected from this threat include having a specialised security solution that is a capable of detecting anomalies, eliminating security gaps, and implementing email processing rules that are tuned to defending against phishing, malicious attachments and spam.
This article is from the CBROnline archive: some formatting and images may not be present.