Reports have surfaced that at least 10 financial institutions have been hit with a new strain of banking Trojan spread by an alleged Russian-speaking cybercrime group codenamed “Silence”. Analysis released today by Kaspersky Lab said the cyber-criminals are using tactics similar to another gang – known as Carbanak – in a sophisticated plot to steal millions in cash. Ryan Wilk, Vice President at NuData Security commented below.
Ryan Wilk, Vice President at NuData Security:
“Banking Trojans are designed to capture any banking information they can get their hands on. The Silence Trojan in particular does that a bit differently: it takes repeated screenshots of the user’s desktop creating a real-time pseudo-video stream with the bank employee’s activity. To protect customers from the subsequent account takeovers, banks need to render banking credentials valueless to the hacker by implementing a layered security defence.
“Techniques such as passive biometrics and behavioural analysis correctly identify a customer without relying on their credentials. These new technologies are based on observed consumer behaviour over the lifecycle of their interactions, and not simply on a password or a security question.
“The Silence group was able to monitor the infected computers and look at the credentials and the information that was being submitted. With a layered authentication, hackers are still able to install the Silence Trojan and monitor computers to steal passwords and credentials but they are not able to use them to finalise a transaction – the hacker can’t replicate the additional layer that verifies the real user’s inherent behaviour. This is why validating the user behind the device through a multi-layer strategy is key to devaluing stolen identity data. Rendering personally identifiable information useless will restore the trust on customers and financial institutions.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.