View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 1, 2017updated 06 Jul 2022 8:59am

Banks stunned into Silence by deadly new cyberattack

The attack method chosen by Silence involves spying on the victim for a long period of time, gathering intel to find out the best time to strike.

By Tom Ball

A deadly new hacking group called Silence that preys on banks and other financial organisations has been identified launching attacks in countries including Russia and Malaysia.

Spearfishing emails are the preferred method of gaining entry for the group, and once access is gained the hackers remain inside the breached organisation for a long time.

During this period of time the hackers amass Intel to work out when would be most profitable time to strike, closely monitoring separate bank networks.

Due to this method of attack, the Silence Trojan is considered by Kaspersky Lab, identifier of the threat, to join previous cyber theft operations including GCMAN, Carbanak and Metel as being among the most complex and powerful of its kind.

While spearfishing may not be the most sophisticated form of attack, Kaspersky notes that the malicious attachments are. One click will spark a chain reaction of downloads that will trigger a dropper that seals the fate of the victim.

The attack is then able to communicate with the server, ultimately taking control and unleashing malicious payloads upon it.

Once inside the attackers can actually put a real-time video stream in place for spying on and watching the day to day activity of the victim, with screenshots easily being taken.

– CISOs failing with cybersecurity – here’s why
– Microsoft eyes up AI chips for next gen HoloLens
– TransferWise set to gallop deeper into unicorn territory

Sergey Lozhkin, security expert at Kaspersky Lab, said: “The Silence Trojan is a fresh example of cybercriminals shifting from attacks on users to direct attacks on banks. We have seen this trend growing recently, as more and more slick and professional APT-style cyber-robberies emerge and succeed. The most worrying thing here is that due to their in-the-shadow approach, these attacks may succeed regardless of the peculiarities of each bank’s security architecture.”

Content from our partners
Why all businesses must democratise data analytics
How start-ups can take the next step towards scaling up
Unlocking the value of artificial intelligence and machine learning

Steps to remain protected from this threat include having a specialised security solution that is a capable of detecting anomalies, eliminating security gaps, and implementing email processing rules that are tuned to defending against phishing, malicious attachments and spam.

Topics in this article: , ,
Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED
THANK YOU