from SAVIOUS KWINIKA in Johannesburg, South Africa
JOHANNESBURG – BANKS in Sub-Saharan Africa are at the mercy of a Russian-speaking hacking group, most likely the infamous Silence outfit previously responsible for the theft of millions of dollars from banks across the world.
The Silence group is one of the most active Advanced Persistent Threat (APT) actors.
The typical scenario of the attack begins with a social engineering scheme, as attackers send a phishing e-mail that contains malware to a bank employee.
From there the malware gets inside the bank’s security perimeter and lies low for a while, gathering information on the victim organisation by capturing screenshots and making video recordings of the day-to-day activity on the infected device, learning how things work in the targeted bank.
Once attackers are ready to take action, they activate all capabilities of the malware and cash out using, for example, automated teller machines (ATMs).
The score sometimes reaches millions of dollars.
“The Silence group has been quite productive in the past years, as they live up to their name,” said Sergey Golovanov, security researcher at Kaspersky, the global cyber security company.
“Their operations require an extensive period of silent monitoring, with rapid and coordinated thefts,” he explained.
Kaspersky noticed a growing interest of this actor group in banking organisations in 2017.
Since then, the group has developed continuously, expanding to new regions and updating its social engineering scheme.
Golovanov urged banks to stay vigilant since, apart from the large sums, the Silence group also stole sensitive information while monitoring the banks’ activity through its recordings of screen activity.
“This is a serious privacy abuse that might cost more than money can buy,” he said.
Kaspersky recommends that companies introduce basic security awareness training for employees, monitor activity in enterprise information systems from an information security operations centre, and prepare an incident response plan so they are ready for potential incidents in the network environment.
– CAJ News