Bank Robbery: Cyber Criminals Steal $1 Billion

A cybercrime outfit stealing from as many as 10 banks in Russia, Armenia and Malaysia is alleged to have stolen possibly as much as $1 billion worldwide from financial organisations.

The new group has been called Silence by researchers at Kaspersky Lab who recently published a report about the criminals’ activities, which bear a sharp resemblance to Carbanak. But the relationship apparently ends at imitation.

“They are not Carbanak,” said Kaspersky Lab researcher Sergey Lozhkin. “They are using some of the same techniques at some points, but that’s it.”

Kaspersky Lab said it did not have information on the gang’s success, nor how much it had stolen to date. The attacks, however, are ongoing, the researchers said.

The researchers called the group’s attacks “targeted,” using spear phishing and a number of different means to maintain persistence on a bank’s internal network, monitor employee and system activities, and eventually steal money.

“We have seen this trend growing recently, as more and more slick and professional APT-style cyber-robberies emerge and succeed,” Lozhkin said. “The most worrying thing here is that due to their in-the-shadow approach these attacks may succeed regardless of the peculiarities of each bank’s security architecture.”

The spear-phishing emails contain attachments that eventually download and execute a dropper that reaches out to the attacker’s infrastructure. The backdoor is used to send system information and execute malicious code that uploads data, steals credentials and initiates tasks such as screen recording, which was a hallmark of Carbanak.

Silence, like Carbanak, uses these screen grabs to essentially create a video recording of daily activity on employees’ computers, amassing knowledge about internal processes before stealing money.

“We saw that technique before in Carbanak, and other similar cases worldwide,” Kaspersky Lab said in its report.

Kaspersky Lab said that the Silence gang’s spear-phishing emails are sent from an already-compromised financial network.

“The cyber-criminals using Silence send spear-phishing emails as initial infection vectors, often using the addresses of employees of an already infected financial institution, with a request to open an account in the attacked bank,” Kaspersky Lab’s report said. “The message looks like a routine request. Using this social engineering trick, it looks unsuspicious to the receiver.”

Silence also makes use of a proprietary Microsoft online help format called Microsoft Compiled HTML Help, or CHM. CHM files are interactive and can run JavaScript, for example, which the attackers use to redirect victims to external URLs.

“Attackers began exploiting CHM files to automatically run malicious payloads once the file is accessed. Once the attachment is opened by the victim, the embedded .htm content file (“start.htm”) is executed,” Kaspersky Lab said. “This file contains JavaScript, and its goal is to download and execute another stage from a hardcoded URL.”
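
As an added illustration of the CHM delivery described above (not code from Kaspersky Lab's report or from this article), the following Python check shows how a mail gateway could flag CHM attachments both by extension and by the `ITSF` signature that begins a compiled help file, so a renamed file is still caught. The message, addresses and file names are constructed samples.

```python
import email
from email import policy
from email.message import EmailMessage

CHM_MAGIC = b"ITSF"  # signature at offset 0 of a Compiled HTML Help file


def build_sample_message() -> bytes:
    """Constructed sample: a 'routine request' mail carrying three attachments."""
    msg = EmailMessage()
    msg["From"] = "clerk@bank-a.example"       # constructed address
    msg["To"] = "accounts@bank-b.example"      # constructed address
    msg["Subject"] = "Request to open an account"
    msg.set_content("Please see the attached application form.")
    # Header stub only (signature + padding); it contains no help content.
    chm_stub = CHM_MAGIC + b"\x03\x00\x00\x00" + b"\x00" * 88
    msg.add_attachment(chm_stub, maintype="application",
                       subtype="octet-stream", filename="application.doc")
    msg.add_attachment(b"%PDF-1.4\n", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    msg.add_attachment(b"plain bytes", maintype="application",
                       subtype="octet-stream", filename="help.CHM")
    return msg.as_bytes()


def find_chm_attachments(raw_message: bytes):
    """Return (filename, reason) for every attachment that looks like a CHM."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():                    # walk() also reaches nested parts
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name is None and part.get_content_disposition() != "attachment":
            continue                           # message body, not an attachment
        name = name or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        by_magic = payload.startswith(CHM_MAGIC)
        by_name = name.lower().endswith(".chm")
        if by_magic and by_name:
            findings.append((name, "magic+extension"))
        elif by_magic:
            findings.append((name, "magic"))   # CHM content under another name
        elif by_name:
            findings.append((name, "extension"))
    return findings


if __name__ == "__main__":
    for name, reason in find_chm_attachments(build_sample_message()):
        print(f"quarantine {name}: matched on {reason}")
```
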

Once the dropper is unpacked and executed from the attacker’s command and control server, a number of payload modules are dropped that spy on systems and employees.

One of those modules is the screen monitor, which records screen activity through the Windows GDI and API, using the CreateCompatibleBitmap and GdipCreateBitmapFromHBITMAP functions, Kaspersky Lab said.

Threatpost
