Stolen credentials are used to launch attacks which include the ability to stream live video of the screens of infected users.

A previously unknown but highly organised hacking group is carrying out a series of cyber attacks against banks and financial institutions around the world, deploying trojan malware to gain entry into networks.

The attackers are capable of monitoring everything a victim does in order to provide them with all the information they need to sneak around bank networks and make off with stolen funds.

Uncovered by Kaspersky Lab, the ‘Silence’ hacking group is suspected to be a Russian-speaking operation which has hit at least 10 financial organisations including those in Armenia and Malaysia, but mostly within Russia.

The initial attack techniques of Silence campaigns are similar to those of other threat actors, including the infamous Carbanak group – initial victims are tricked by phishing emails which give the attackers a foothold into the network. They’ll remain there for a long time, only striking when they have enough information to steal large amounts.

Those behind Silence appear to be actively targeting banks which have previously been attacked. They use emails from the addresses of real employees who have had accounts compromised – potentially bought from the dark web – to send a phishing email about what looks to be a routine request about opening a customer account.

The message comes with a malicious attachment in the form of a ‘Windows help .CHM’ file which runs once the document has been opened. An embedded JavaScript within this automatically downloads and executes a Visual Basic script which then in turn downloads a malware dropper from a command and control server.
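A mail-gateway check for the attachment type described above, as an added example that is not part of the original article: it flags CHM files by their `ITSF` file signature as well as by extension, and looks one level into ZIP archives. The message, addresses and file names are constructed, and the attachment bytes are a harmless placeholder.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

CHM_MAGIC = b"ITSF"  # signature at offset 0 of a compiled HTML Help file

def is_chm(name: str, head: bytes) -> bool:
    """True if the leading bytes or the file name identify a CHM file."""
    return head[:4] == CHM_MAGIC or name.lower().endswith(".chm")

def find_chm_attachments(raw: bytes) -> list[str]:
    """Return attachments that are CHM, looking one level into ZIPs."""
    hits = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if is_chm(name, data):
            hits.append(name)
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    try:
                        with zf.open(info) as member:
                            head = member.read(4)
                    except RuntimeError:  # encrypted member: name check only
                        head = b""
                    if is_chm(info.filename, head):
                        hits.append(f"{name}!{info.filename}")
    return hits

def build_sample() -> bytes:
    """Constructed message; the 'CHM' is placeholder bytes, not malware."""
    fake_chm = CHM_MAGIC + b"\x03\x00\x00\x00" + b"\x00" * 16
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("docs/form.chm", fake_chm)
    msg = EmailMessage()
    msg["From"] = "employee@bank.example"   # constructed address
    msg["To"] = "teller@bank.example"       # constructed address
    msg["Subject"] = "Request to open a customer account"
    msg.set_content("Please see the attached request.")
    for fname, body in [("request.chm", fake_chm), ("contract.doc", fake_chm),
                        ("forms.zip", zbuf.getvalue()), ("notes.txt", b"text")]:
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for hit in find_chm_attachments(build_sample()):
        print("quarantine:", hit)
```

The `contract.doc` attachment is caught only because of the signature check, which is why the extension alone is not enough for filtering.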


It’s the Russian language in the code which has led researchers to the conclusion that the attack group is Russian-speaking.

Once downloaded and installed on the system, the malware allows the attackers to take multiple screenshots of the victim’s active screen, providing a real-time stream.

A similar technique was used by Carbanak to gain an understanding of the victim’s day-to-day activity and points to the ultimate end goal of Silence – obtaining all the information required to eventually steal money.

The malware also includes a Winexecsvc tool which allows the execution of remote commands – useful when it comes to the attackers making their way around the infected network.

Researchers note that this particular campaign has been successful in attacking financial institutions, no matter where in the world they’re based or what the network infrastructure looks like.

“We have seen this trend growing recently, as more and more slick and professional APT-style cyber-robberies emerge and succeed. The most worrying thing here is that due to their in-the-shadow approach, these attacks may succeed regardless of the peculiarities of each bank’s security architecture,” said Sergey Lozhkin, security expert at Kaspersky Lab.

While Silence uses very similar techniques to the Carbanak group – which has stolen more than $1 billion from banks worldwide – it’s still uncertain if the two groups are at all related.

Researchers have warned that the attacks are still ongoing.

From: http://www.zdnet.com/article/hacking-group-targets-banks-with-stealthy-trojan-malware-campaign/
