Security researchers announced their discovery of a new strain of banking Trojan dubbed “Silence”, allegedly spread by a Russian-speaking cybercrime group. The cybercriminals are using similar tactics to Carbanak in a sophisticated plot to steal millions in cash. The Silence Trojan compromises users’ devices by dropping a malicious payload that is capable of monitoring its victim’s activities, including taking multiple screenshots of the day-to-day workload. IT security experts commented below.
Terry Ray, Chief Technology Officer at Imperva:
“Water is wet, the sky is blue, there’s a new Trojan, there’s a new strain. This is the world we live in today and it should be no surprise when, soon, we find the result is data loss. With a return of tens of hundreds of millions of dollars, the creation of malware / Trojans is a business. And business is good!
“The fact is, for the moment at least, any horizon signalling the end of malware is nowhere in sight. There will be new malware, you or your company will get affected by malware. You or your employees, contractors, visitors, kids, whomever, will click something they shouldn’t. The question is what do you do proactively to understand the assets malware will target?
“The major threat to banks used to be physical bank robbers, so banks used a safe and minimal cash in the tills. So, they got bigger safes. But then the threat and security solutions evolved, so banks used video cameras in the customer part of the bank, then in the safe, then over the tills. They identified the target asset, money, and made sure they knew who touched it, when they touched it, how they touched it and, ultimately, whether they should touch it. The exact same is true in today’s threat landscape, though banks and other organisations alike need to understand that the target is not only physical cash, but in the cyber world, all of their private data. So, what do banks know about their private data? Sadly, not much. Technology can solve this problem if organisations would use it, or use it effectively.
“Cyber criminals use multi-stage attacks to infiltrate and then move laterally until they get what they’re ultimately after – data. Therefore, it is essential for all businesses, not just financial institutions to protect their data. At all times, firms need to make sure they understand where their data is located and who is accessing – it must be monitored. It’s also important to frequently reassess who has access to the data and to determine if that access is appropriate. Lastly, make sure your IT operations team is ready to respond to any risky data access immediately to contain threats.”
Lee Munson, Security Researcher at Comparitech.com:
“Banking Trojans have long been an extremely lucrative means for criminals to extract vast amounts of money from financial institutions.
“The problem for the bad guys, however, is that banks and similar entities have the best information security defences of any organisations outside of the military and so successful attacks have often been short-lived as they are swiftly thwarted.
“It is for that reason that new attacks, such as Silence, are key to maximising profits. By biding their time and collecting intelligence, the new wave of Trojans are well placed to strike at the optimal time, stealing as much money as possible before effective countermeasures are deployed that render them ineffective.
“As ever, the best initial defence against this type of malware is simple to execute but often overlooked – an awareness program which highlights the most common attacks, such as phishing used in this instance, and how staff can recognise and avoid them.”
Ryan Wilk, Vice President at NuData Security:
“Banking Trojans are designed to capture any banking information they can get their hands on. The Silence Trojan in particular does that a bit differently: it takes repeated screenshots of the user’s desktop creating a real-time pseudo-video stream with the bank employee’s activity. To protect customers from the subsequent account takeovers, banks need to render banking credentials valueless to the hacker by implementing a layered security defence.
“Techniques such as passive biometrics and behavioural analysis correctly identify a customer without relying on their credentials. These new technologies are based on observed consumer behaviour over the lifecycle of their interactions, and not simply on a password or a security question.
“The Silence group was able to monitor the infected computers and look at the credentials and the information that was being submitted. With a layered authentication, hackers are still able to install the Silence Trojan and monitor computers to steal passwords and credentials but they are not able to use them to finalise a transaction – the hacker can’t replicate the additional layer that verifies the real user’s inherent behaviour. This is why validating the user behind the device through a multi-layer strategy is key to devaluing stolen identity data. Rendering personally identifiable information useless will restore the trust on customers and financial institutions.”