In September 2017 Kaspersky Lab researchers identified a new series of targeted attacks against at least 10 financial organizations in multiple regions including Russia, Armenia, and Malaysia. The attacks are being carried out by a new group called Silence. While stealing funds from its victims, Silence uses specific techniques similar to those of the infamous threat actor Carbanak. The attacks are still ongoing.

 

Silence joins the ranks of the most devastating and complex cyber-robbery operations like Metel, GCMAN and Carbanak, which have succeeded in stealing millions of dollars from financial organizations.

 

Most of these operations follow the same technique: the attackers gain persistent access to internal banking networks for a long period, monitor day-to-day activity, examine the details of each separate bank network, and then, when the time is right, use that knowledge to steal as much money as possible.

 

This is exactly the case with the Silence Trojan, which compromises its victims’ infrastructure via spear-phishing emails.

 

The malicious attachments to the emails are quite sophisticated. Once the victim opens them, it takes just one click to initiate a series of downloads and finally execute the dropper. This communicates with the command and control server, sends the ID of the infected machine, and downloads and executes malicious payloads, responsible for various tasks like screen recording, data uploading, the theft of credentials, remote control etc.

 

Interestingly, the criminals exploit the infrastructure of already infected financial institutions for new attacks, by sending emails from real employee addresses to a new victim, along with a request to open a bank account. Using this trick, the criminals make sure the recipient does not suspect the infection vector.

 

When cybercriminals gain persistence in the network they start to examine it. The Silence group is capable of monitoring its victim’s activities, including taking multiple screenshots of the victim’s active screen, providing a real-time video stream of all the victim’s activities, etc.

 

All of the features serve one purpose: to understand the victim’s day-to-day activity and obtain enough information to eventually steal money. This process and style strongly resemble the techniques of Carbanak.

 

Based on language artifacts found during their research into the malicious components of this attack, Kaspersky Lab security researchers have concluded that the criminals behind the malicious Silence attacks speak Russian.

 

“The Silence Trojan is a fresh example of cybercriminals shifting from attacks on users to direct attacks on banks. We have seen this trend growing recently, as more and more slick and professional APT-style cyber-robberies emerge and succeed. The most worrying thing here is that due to their in-the-shadow approach, these attacks may succeed regardless of the peculiarities of each bank’s security architecture,” notes Sergey Lozhkin, security expert at Kaspersky Lab.

 

Kaspersky Lab researchers advise organizations to take the following measures, in order to protect themselves from possible cyberattacks:

  • Use a specialized solution against advanced threats that can detect all types of anomalies and scrutinize suspicious files at a deeper level to reveal, recognize and uncover complex attacks – like Kaspersky Anti Targeted Attack Platform.
  • Eliminate security holes altogether, including those involving improper system configurations or errors in proprietary applications. For this, Kaspersky Penetration Testing and Application Security Assessment services are a convenient and highly effective solution, providing not only data on found vulnerabilities, but also advising users on how to fix them, further strengthening corporate security.
  • Configure strict email processing rules and enable security solutions with dedicated functionality aimed at phishing, malicious attachments and spam – for example, cloud-assisted anti-phishing and attachment-filtering in Kaspersky Endpoint Security and targeted security solutions for email protection.

 

Find more about Silence Trojan and indicators of compromise on Securelist.com.

 

More information about Silence Trojan is available to customers of Kaspersky Intelligence Reporting Service. Contact: intelreports@kaspersky.com

