In September 2017, Kaspersky Lab researchers identified a new series of targeted attacks against at least 10 financial organizations in multiple regions including Russia, Armenia, and Malaysia. The attacks are being carried out by a new group called Silence. While stealing funds from its victims, Silence uses specific techniques similar to those of the infamous threat actor Carbanak. The attacks are still ongoing.

 

Silence joins the ranks of the most devastating and complex cyber-robbery operations like Metel, GCMAN and Carbanak, which have succeeded in stealing millions of dollars from financial organizations.

 

Most of these operations follow the same pattern: the attackers gain persistent access to internal banking networks for a long period, monitor day-to-day activity, examine the details of each separate bank network, and then, when the time is right, use that knowledge to steal as much money as possible.

 

This is exactly the case with the Silence Trojan, which compromises its victim’s infrastructure via spear phishing emails.

 

The malicious attachments to the emails are quite sophisticated. Once the victim opens them, it takes just one click to initiate a series of downloads and finally execute the dropper. The dropper communicates with the command and control server, sends the ID of the infected machine, and downloads and executes malicious payloads responsible for various tasks such as screen recording, data uploading, the theft of credentials, remote control, etc.

 

Interestingly, the criminals exploit the infrastructure of already infected financial institutions for new attacks, by sending emails from real employee addresses to a new victim, along with a request to open a bank account. Using this trick, the criminals make sure the recipient does not suspect the infection vector.

 

Once the cybercriminals gain persistence in the network, they start to examine it. The Silence group is capable of monitoring its victim’s activities, including taking multiple screenshots of the victim’s active screen, providing a real-time video stream of all the victim’s activities, etc.

 

All of these features serve one purpose: to understand the victim’s day-to-day activity and obtain enough information to eventually steal money. This process and style strongly resemble the techniques of Carbanak.

 

Based on language artifacts found during their research into the malicious components of this attack, Kaspersky Lab security researchers have concluded that the criminals behind the malicious Silence attacks speak Russian.

 

“The Silence Trojan is a fresh example of cybercriminals shifting from attacks on users to direct attacks on banks. We have seen this trend growing recently, as more and more slick and professional APT-style cyber-robberies emerge and succeed. The most worrying thing here is that due to their in-the-shadow approach, these attacks may succeed regardless of the peculiarities of each bank’s security architecture,” notes Sergey Lozhkin, security expert at Kaspersky Lab.

 

Kaspersky Lab researchers advise organizations to take the following measures to protect themselves from possible cyberattacks:

  • Use a specialized solution against advanced threats that can detect all types of anomalies and scrutinize suspicious files at a deeper level to reveal, recognize and uncover complex attacks, such as Kaspersky Anti Targeted Attack Platform.
  • Eliminate security holes altogether, including those involving improper system configurations or errors in proprietary applications. For this, Kaspersky Penetration Testing and Application Security Assessment services are a convenient and highly effective solution, providing not only data on the vulnerabilities found, but also advice on how to fix them, further strengthening corporate security.
  • Configure strict email processing rules and enable security solutions with dedicated functionality aimed at phishing, malicious attachments and spam, for example, cloud-assisted anti-phishing and attachment filtering in Kaspersky Endpoint Security and targeted security solutions for email protection.

 

Find out more about the Silence Trojan and its indicators of compromise on Securelist.com.

 

More information about the Silence Trojan is available to customers of Kaspersky Intelligence Reporting Service. Contact: intelreports@kaspersky.com

