In September 2017 Kaspersky Lab researchers identified a new series of targeted attacks against at least 10 financial organizations in multiple regions including Russia, Armenia, and Malaysia. The hits are being performed by a new group called Silence. While stealing funds from its victims, Silence implements specific techniques similar to the infamous threat actor, Carbanak. The attacks are still ongoing.

 

Silence joins the ranks of the most devastating and complex cyber-robbery operations like Metel, GCMAN and Carbanak, which have succeeded in stealing millions of dollars from financial organizations.

 

Most of these operations embrace the following technique: they gain persistent access to internal banking networks for a long period, monitor its day to day activity, examine the details of each separate bank network, and then when the time is right, they use that knowledge to steal as much money as possible.

 

This is exactly the case with Silence Trojan – which compromises its victim’s infrastructure via spear phishing emails.

 

The malicious attachments to the emails are quite sophisticated. Once the victim opens them, it takes just one click to initiate a series of downloads and finally execute the dropper. This communicates with the command and control server, sends the ID of the infected machine, and downloads and executes malicious payloads, responsible for various tasks like screen recording, data uploading, the theft of credentials, remote control etc.

 

Interestingly, the criminals exploit the infrastructure of already infected financial institutions for new attacks, by sending emails from real employee addresses to a new victim, along with a request to open a bank account. Using this trick, criminals make sure the recipient is unsuspicious of the infection vector.

 

When cybercriminals gain persistence in the network they start to examine it. The Silence group is capable of monitoring its victim’s activities, including taking multiple screenshots of the victim’s active screen, providing a real-time video stream of all the victim’s activities, etc.

 

All of the features serve one purpose: to understand the victim’s day to day activity and obtain enough information to eventually steal money. This process and style strongly resembles the techniques of Carbanak.

 

Based on language artifacts found during their research into the malicious components of this attack, Kaspersky Lab security researchers have concluded that the criminals behind the malicious Silence attacks speak Russian.

 

“The Silence Trojan is a fresh example of cybercriminals shifting from attacks on users to direct attacks on banks. We have seen this trend growing recently, as more and more slick and professional APT-style cyber-robberies emerge and succeed. The most worrying thing here is that due to their in-the-shadow approach, these attacks may succeed regardless of the peculiarities of each bank’s security architecture,” notes Sergey Lozhkin, security expert atKaspersky Lab.

 

Kaspersky Lab researchers advise organizations to take the following measures, in order to protect themselves from possible cyberattacks:

  •  Use a specialized solution against advanced threats that can detect all types of anomalies and scrutinize suspicious files at a deeper level to reveal, recognize and uncover complex attacks – like Kaspersky Anti Targeted Attack Platform.
  • Eliminate security holes altogether, including those involving improper system configurations or errors in proprietary applications. For this, Kaspersky Penetration Testing and Application Security Assessment services are a convenient and highly effective solution, providing not only data on found vulnerabilities, but also advising users on how to fix it, further strengthening corporate security.
  • Configure strict email processing rules and enable security solutions with dedicated functionality aimed at phishing, malicious attachments and spam – for example, cloud-assisted anti-phishing and attachment-filtering in Kaspersky Endpoint Security and targeted security solutions for email protection.

 

Find more about Silence Trojan and indicators of compromise on Securelist.com.

 

More information about Silence Trojan is available to customers of Kaspersky Intelligence Reporting Service. Contact: intelreports@kaspersky.com


RECOMMENDED ARTICLE FOR TECHWORLD


Frank Emmanuel Trazo
Adaptability and Stability
Techworld • By: Frank Emmanuel Trazo | Date Posted: 2 August 2017 2:42 PM | 533 Views
California-based multinational computer technology corporation Oracle continues to push on innovating their Security Operation Center (SOC) cloud service, a cloud-native, management, and identity-based platform designed for every company's security systems. Oracle aims to improve.... See More
Frank Emmanuel Trazo
Adaptability and Stability
Techworld • By: Frank Emmanuel Trazo | Date Posted: 2:42 PM | 533 Views
California-based multinational computer technology corporation Oracle continues to push on innovating their Security Operation Center (SOC) cloud service, a cloud-native, management, and identity-based platform designed for every company's security systems. Oracle aims to improve...See More

 
Six Filipino Youths Emerged Winners of the ASEAN Data Science Explorers National Finals
Techworld Date Posted: 2 November 2017 2:59 PM | 275 Views
Following the completion of the ASEAN Data Science Explorers Philippines National Finals, six local students were awarded with the top three awards for their insights and ideas on driving a sustainable future for ASEAN.. See More
 
Six Filipino Youths Emerged Winners of the ASEAN Data Science Explorers National Finals
Techworld Date Posted: 2:59 PM | 275 Views
Following the completion of the ASEAN Data Science Explorers Philippines National Finals, six local students were awarded with the top three awards for their insights and ideas on driving a sustainable future for ASEAN.See More

 
BIOSTAR Launches Compact High-Speed Storage Solution with M200 M.2 SSD
Techworld Date Posted: 20 March 2017 11:40 AM | 545 Views
BIOSTAR is thrilled to announce its latest addition to its great lineup of storage products. See More
 
BIOSTAR Launches Compact High-Speed Storage Solution with M200 M.2 SSD
Techworld Date Posted: 11:40 AM | 545 Views
BIOSTAR is thrilled to announce its latest addition to its great lineup of storage productsSee More

 
Sony’s Xperia XZ Premium Now Available in Limited Edition Rosso Colorway
Techworld Date Posted: 10 November 2017 10:48 AM | 331 Views
Sony announced that the Xperia XZ Premium is already available in a new, limited edition colorway.. See More
 
Sony’s Xperia XZ Premium Now Available in Limited Edition Rosso Colorway
Techworld Date Posted: 10:48 AM | 331 Views
Sony announced that the Xperia XZ Premium is already available in a new, limited edition colorway.See More

PCBG Contributing Writer
Buckle Up for This Year’s E-Sports and Gaming Summit
Techworld • By: PCBG Contributing Writer | Date Posted: 26 October 2017 2:36 PM | 332 Views
The E-Sports and Gaming Summit (ESGS) 2017 is bound to grace the SMX Convention Center in Pasay City on October 27-29 (Friday-Sunday) for a no-holds barred gaming extravaganza and introduction of new local and.... See More
PCBG Contributing Writer
Buckle Up for This Year’s E-Sports and Gaming Summit
Techworld • By: PCBG Contributing Writer | Date Posted: 2:36 PM | 332 Views
The E-Sports and Gaming Summit (ESGS) 2017 is bound to grace the SMX Convention Center in Pasay City on October 27-29 (Friday-Sunday) for a no-holds barred gaming extravaganza and introduction of new local and...See More

 
Lenovo Opens 20th Concept Store in the Philippines
Techworld Date Posted: 30 July 2018 3:47 PM | 494 Views
Lenovo, the world’s leading PC manufacturer, recently opened its 20th concept store in the Philippines and the second one in Cebu City, located at the third floor of Ayala Center Cebu.. See More
 
Lenovo Opens 20th Concept Store in the Philippines
Techworld Date Posted: 3:47 PM | 494 Views
Lenovo, the world’s leading PC manufacturer, recently opened its 20th concept store in the Philippines and the second one in Cebu City, located at the third floor of Ayala Center Cebu.See More

 
NukeBot: New Ready-to-Attack Version of Dangerous Banking Trojan Caught in the Wild
Techworld Date Posted: 24 July 2017 2:45 PM | 275 Views
Kaspersky Lab researchers have detected NukeBot – new malware which has been designed to steal the credentials of online banking customers. Earlier versions of the Trojan were known to the security industry as TinyNuke,.... See More
 
NukeBot: New Ready-to-Attack Version of Dangerous Banking Trojan Caught in the Wild
Techworld Date Posted: 2:45 PM | 275 Views
Kaspersky Lab researchers have detected NukeBot – new malware which has been designed to steal the credentials of online banking customers. Earlier versions of the Trojan were known to the security industry as TinyNuke,...See More

 
MMD Philippines Introduces New Lineup of AOC and Philips Monitors
Techworld Date Posted: 31 October 2018 5:29 PM | 292 Views
AOC, the number one monitor brand in the Philippines known for their impeccable quality gaming monitors, and Philips, a well-known brand for making high-performance and innovative display solutions for home and businesses, proudly launch.... See More
 
MMD Philippines Introduces New Lineup of AOC and Philips Monitors
Techworld Date Posted: 5:29 PM | 292 Views
AOC, the number one monitor brand in the Philippines known for their impeccable quality gaming monitors, and Philips, a well-known brand for making high-performance and innovative display solutions for home and businesses, proudly launch...See More

 
IDC Philippines Unveils its Top ICT Predictions for 2017 and Beyond
Techworld Date Posted: 9 February 2017 2:38 PM | 241 Views
MANILA, Philippines – IDC Philippines announced its top predictions for the Philippine ICT industry for 2017 and beyond and predicts 25% of its top 1,000 companies will see majority of their business depend on.... See More
 
IDC Philippines Unveils its Top ICT Predictions for 2017 and Beyond
Techworld Date Posted: 2:38 PM | 241 Views
MANILA, Philippines – IDC Philippines announced its top predictions for the Philippine ICT industry for 2017 and beyond and predicts 25% of its top 1,000 companies will see majority of their business depend on...See More

 
Quick! Where’s my phone? There’s a human nearby
Techworld Date Posted: 5 October 2018 5:19 PM | 230 Views
Connected devices are becoming essential to keeping people in contact with each other, but for many they are also a much needed comfort blanket in a variety of social situations when they do not.... See More
 
Quick! Where’s my phone? There’s a human nearby
Techworld Date Posted: 5:19 PM | 230 Views
Connected devices are becoming essential to keeping people in contact with each other, but for many they are also a much needed comfort blanket in a variety of social situations when they do not...See More


Power by

Download Free AZ | Free Wordpress Themes