Left Menu
Development News Edition

Kaspersky researchers report on attacks on major banks in sub-Saharan Africa

The Silence group is one of the most active Advanced Persistent Threat (APT) actors, which has carried out a number of successful campaigns targeting banks and financial organisations around the Globe.


Kaspersky researchers report on attacks on major banks in sub-Saharan Africa
Kaspersky researchers attribute the attacks to the Russian speaking Silence group based on the malware used in the attacks, which was previously used solely in the group's operations. Image Credit: ANI

Kaspersky (Kaspersky.co.za) security researchers have reported on thousands of notifications of attacks on major banks located in the sub-Saharan Africa (SSA) region. The malware used in the attacks indicates that the threat actors are most likely to be an infamous Silence hacking group, previously known to be responsible for the theft of millions of dollars from banks across the world.

The Silence group is one of the most active Advanced Persistent Threat (APT) actors, which has carried out a number of successful campaigns targeting banks and financial organisations around the Globe. The typical scenario of the attack begins with a social engineering scheme, as attackers send a phishing e-mail that contains malware to a bank employee. From there the malware gets inside the banks' security perimeter and lays low for a while, gathering information on the victim organization by capturing screenshots and making video recordings of the day to day activity on the infected device, learning how things work in the targeted banks. Once attackers are ready to take action, they activate all capabilities of the malware and cash out using, for example, ATMs. The score sometimes reaches millions of dollars.

The attacks detected began in the first week of January 2020 and indicated that the threat actors are about to begin the final stage of their operation and cash out the funds. To date, the attacks are ongoing and persist in targeting large banks in several SSA countries.

Kaspersky researchers attribute the attacks to the Russian speaking Silence group based on the malware used in the attacks, which was previously used solely in the group's operations. In addition, the language of the malware is Russian: threat actors attempted to slightly cover this fact by typing Russian words using the English keyboard layout.

"Silence group has been quite productive in the past years, as they live up to their name; their operations require an extensive period of silent monitoring, with rapid and coordinated thefts. We noticed a growing interest of this actor group in banking organisations in 2017 and since that time the group would constantly develop, expanding to new regions and updating their social engineering scheme," said Sergey Golovanov, a security researcher at Kaspersky. "We urge all banks to stay vigilant, as apart from the large sums Silence group also steal sensitive information while monitoring the Banks activity as they video record screen activity. This is a serious privacy abuse that might cost more than money can buy."

Kaspersky detects the malware used in the operation as HEUR: Trojan.Win32.Generic, PDM: Exploit.Win32.Generic

To protect from this and similar attacks, we advise financial organisations to apply the following measures:

Introduce basic security awareness training for all employees so that they can better distinguish phishing attempts.

Monitor activity in enterprise information systems information security operations center.

Use security solutions with dedicated functionality aimed at detecting and blocking phishing attempts. Businesses can protect their on-premise email systems with targeted applications inside the Kaspersky Endpoint Detection and Response (bit.ly/380Nvvp) or use the Kaspersky Anti Targeted Attack platform (bit.ly/2TiaYEh).

Provide security teams with access to up to date threat intelligence data (bit.ly/2QN64NQ), to keep pace with the latest tactics and tools used by cybercriminals.

Prepare an incident response plan to be ready for potential incidents in the network environment.

(With Inputs from APO)

Download The Devdiscourse News App for Latest News.


TRENDING

OPINION/BLOG/INTERVIEW

Top 10 Fake News, Myths and Realities on 2019 Novel Coronavirus COVID 19

With nearly 1500 deaths by January 14 and around 65,000 infections in China, the Novel Coronavirus 2019 has become one of the worst health epidemics of the 21st Century. However, 8,573 people have been cured but the rumor mongers are a...

Handling fake news Infodemic in time of Coronavirus epidemic

Social media has provided a platform where everybody can disseminate his her views without any supervision. Its excellent if the message is genuine but misinformation is equally disastrous. Health is such a topic where every Tom and Harry c...

Sentiment Analysis on Budget 2020: Long shot for solution to economic worries?

Industries and individuals alike had high expectations from the government to take tangible steps but the budget 2020 seems to have failed expectations....

How can technology help the future of mobility?

More than a billion people or one-third of the global rural population lacked access to all-season roads and transport services in 2016, subsequently hindering the socio-economic development....

Videos

Latest News

UPDATE 1-Environmental activists stage protests at commodities groups in Geneva - police

Environmental activists staged protests at offices of commodities groups Cargill, Vitol and Mercuria in Geneva on Monday, Swiss police said on Monday.About 50 activists were present for about 15 minutes at Cargills offices, but then left, a...

Thai army to transfer control of land after mass shooting

Thailands army agreed on Monday to transfer management control of 160,000 hectares of commercial land to the finance ministry in a drive to reform its business practices after a soldier went on a shooting spree over a property deal gone sou...

Iran ready to help Lebanon - Lebanese president's office citing Larijani

Irans parliament speaker Ali Larijani said his country stood ready to help Lebanons crisis-hit economy, the Lebanese presidents office said after the two met on Monday.We wish the new government success and we are ready to help improve the ...

India's top court orders equal roles for women in army

Indias top court ruled on Monday that women could serve as army commanders, dismissing the governments stance that male soldiers were not ready to accept orders from female officers as disturbing.The Supreme Court also ordered the governme...

Give Feedback