In September 2017 Kaspersky Lab researchers identified a new series of targeted attacks against at least 10 financial organizations in multiple regions including Russia, Armenia, and Malaysia. The attacks are being carried out by a new group called Silence. While stealing funds from its victims, Silence uses specific techniques similar to those of the infamous threat actor Carbanak. The attacks are still ongoing.

 

Silence joins the ranks of the most devastating and complex cyber-robbery operations like Metel, GCMAN and Carbanak, which have succeeded in stealing millions of dollars from financial organizations.

 

Most of these operations follow the same technique: they gain persistent access to internal banking networks for a long period, monitor their day-to-day activity, examine the details of each separate bank network, and then, when the time is right, use that knowledge to steal as much money as possible.

 

This is exactly the case with the Silence Trojan, which compromises its victim’s infrastructure via spear phishing emails.

 

The malicious attachments to the emails are quite sophisticated. Once the victim opens them, it takes just one click to initiate a series of downloads and finally execute the dropper. The dropper communicates with the command and control server, sends the ID of the infected machine, and downloads and executes malicious payloads responsible for various tasks such as screen recording, data uploading, theft of credentials, and remote control.

 

Interestingly, the criminals exploit the infrastructure of already infected financial institutions for new attacks, by sending emails from real employee addresses to a new victim, along with a request to open a bank account. Using this trick, the criminals make sure the recipient does not suspect the infection vector.

 

Once the cybercriminals gain persistence in the network, they start to examine it. The Silence group is capable of monitoring its victim’s activities, including taking multiple screenshots of the victim’s active screen and providing a real-time video stream of all the victim’s activities.

 

All of the features serve one purpose: to understand the victim’s day-to-day activity and obtain enough information to eventually steal money. This process and style strongly resemble the techniques of Carbanak.

 

Based on language artifacts found during their research into the malicious components of this attack, Kaspersky Lab security researchers have concluded that the criminals behind the malicious Silence attacks speak Russian.

 

“The Silence Trojan is a fresh example of cybercriminals shifting from attacks on users to direct attacks on banks. We have seen this trend growing recently, as more and more slick and professional APT-style cyber-robberies emerge and succeed. The most worrying thing here is that due to their in-the-shadow approach, these attacks may succeed regardless of the peculiarities of each bank’s security architecture,” notes Sergey Lozhkin, security expert at Kaspersky Lab.

 

Kaspersky Lab researchers advise organizations to take the following measures, in order to protect themselves from possible cyberattacks:

  •  Use a specialized solution against advanced threats that can detect all types of anomalies and scrutinize suspicious files at a deeper level to reveal, recognize and uncover complex attacks – like Kaspersky Anti Targeted Attack Platform.
  • Eliminate security holes altogether, including those involving improper system configurations or errors in proprietary applications. For this, Kaspersky Penetration Testing and Application Security Assessment services are a convenient and highly effective solution, providing not only data on the vulnerabilities found, but also advice on how to fix them, further strengthening corporate security.
  • Configure strict email processing rules and enable security solutions with dedicated functionality aimed at phishing, malicious attachments and spam – for example, cloud-assisted anti-phishing and attachment-filtering in Kaspersky Endpoint Security and targeted security solutions for email protection.

 

Find more about Silence Trojan and indicators of compromise on Securelist.com.

 

More information about Silence Trojan is available to customers of Kaspersky Intelligence Reporting Service. Contact: intelreports@kaspersky.com

