In September 2017, Kaspersky Lab researchers identified a new series of targeted attacks against at least 10 financial organizations in multiple regions including Russia, Armenia, and Malaysia. The attacks are being carried out by a new group called Silence. While stealing funds from its victims, Silence uses specific techniques similar to those of the infamous threat actor Carbanak. The attacks are still ongoing.

 

Silence joins the ranks of the most devastating and complex cyber-robbery operations like Metel, GCMAN and Carbanak, which have succeeded in stealing millions of dollars from financial organizations.

 

Most of these operations follow the same technique: they gain persistent access to internal banking networks for a long period, monitor their day-to-day activity, examine the details of each separate bank network, and then, when the time is right, use that knowledge to steal as much money as possible.

 

This is exactly the case with the Silence Trojan, which compromises its victims’ infrastructure via spear-phishing emails.

 

The malicious attachments to the emails are quite sophisticated. Once the victim opens them, it takes just one click to initiate a series of downloads and finally execute the dropper. The dropper communicates with the command and control server, sends the ID of the infected machine, and downloads and executes malicious payloads responsible for various tasks such as screen recording, data uploading, the theft of credentials, remote control, etc.

 

Interestingly, the criminals exploit the infrastructure of already infected financial institutions for new attacks, by sending emails from real employee addresses to a new victim, along with a request to open a bank account. Using this trick, criminals make sure the recipient is unsuspicious of the infection vector.

 

When cybercriminals gain persistence in the network they start to examine it. The Silence group is capable of monitoring its victim’s activities, including taking multiple screenshots of the victim’s active screen, providing a real-time video stream of all the victim’s activities, etc.

 

All of the features serve one purpose: to understand the victim’s day-to-day activity and obtain enough information to eventually steal money. This process and style strongly resemble the techniques of Carbanak.

 

Based on language artifacts found during their research into the malicious components of this attack, Kaspersky Lab security researchers have concluded that the criminals behind the malicious Silence attacks speak Russian.

 

“The Silence Trojan is a fresh example of cybercriminals shifting from attacks on users to direct attacks on banks. We have seen this trend growing recently, as more and more slick and professional APT-style cyber-robberies emerge and succeed. The most worrying thing here is that due to their in-the-shadow approach, these attacks may succeed regardless of the peculiarities of each bank’s security architecture,” notes Sergey Lozhkin, security expert at Kaspersky Lab.

 

Kaspersky Lab researchers advise organizations to take the following measures, in order to protect themselves from possible cyberattacks:

  • Use a specialized solution against advanced threats that can detect all types of anomalies and scrutinize suspicious files at a deeper level to reveal, recognize and uncover complex attacks – like Kaspersky Anti Targeted Attack Platform.
  • Eliminate security holes altogether, including those involving improper system configurations or errors in proprietary applications. For this, Kaspersky Penetration Testing and Application Security Assessment services are a convenient and highly effective solution, providing not only data on found vulnerabilities, but also advising users on how to fix them, further strengthening corporate security.
  • Configure strict email processing rules and enable security solutions with dedicated functionality aimed at phishing, malicious attachments and spam – for example, cloud-assisted anti-phishing and attachment-filtering in Kaspersky Endpoint Security and targeted security solutions for email protection.

 

Find more about Silence Trojan and indicators of compromise on Securelist.com.

 

More information about Silence Trojan is available to customers of Kaspersky Intelligence Reporting Service. Contact: intelreports@kaspersky.com

