Russian Banks Targeted by Fake Security Alerts

  • 17 March 2016

Malicious Infrastructure and Malware Tactics Recall Anthem Attack
 
 
Mathew J. Schwartz  March 17, 2016
 
Attackers have targeted an unknown number of Russia's 700 banks with malware, in part by pretending to be a cybercrime-fighting division of the country's central bank.

Moscow-based information security firm Kaspersky Lab revealed the attacks March 16, saying they began March 15, and that the related attack website domain names were first registered on March 14.

"In principle, the fact and manner of carrying out this attack is nothing new," according to a Russian-language blog post from security researcher Alexander Gostev at Kaspersky Lab, who adds that "reports of the theft of tens of millions of rubles from the accounts of a bank" seem to appear weekly.

But Gostev says this incident "deserves special attention" because of its technical and social-engineering ingenuity. In particular, the attackers pretended to be FinCERT - a special unit of the Central Bank of Russia launched last year specifically to fight cybercrime and track security incidents that affect the country's financial services sector. They did that in part by disguising their email to look like an official FinCERT document, including using an accurate-looking code, "20160314 - 001," for the supposed security alert.
 

1 reply

The tactics used are becoming more and more sophisticated and hard to detect before it's too late. Security IT needs to be vigilant and focus on this type of attack.
