Malicious Infrastructure and Malware Tactics Recall Anthem Attack
Mathew J. Schwartz March 17, 2016
Attackers have targeted an unknown number of Russia's 700 banks with malware, in part by pretending to be a cybercrime-fighting division of the country's central bank.
Moscow-based information security firm Kaspersky Lab revealed the attacks March 16, saying they began March 15, and that the related attack website domain names were first registered on March 14.
"In principle, the fact and manner of carrying out this attack is nothing new," according to a Russian-language blog post from security researcher Alexander Gostev at Kaspersky Lab, who adds that "reports of the theft of tens of millions of rubles from the accounts of a bank" seem to appear weekly.
But Gostev says this incident "deserves special attention" because of its technical and social-engineering ingenuity. In particular, the attackers pretended to be FinCERT - a special unit of the Central Bank of Russia launched last year specifically to fight cybercrime and track security incidents that affect the country's financial services sector. They did that in part by disguising their email to look like an official FinCERT document, including using an accurate-looking code, "20160314 - 001," for the supposed security alert.
The tactics used are becoming more and more sophisticated and hard to detect before it's too late. Security IT need to be vigilant and focus on this type of attack.