news
Russian-speaking hacking group is attacking banks in
Sub-Saharan Africa, according to Kaspersky
Kaspersky security researchers have reported on
thousands of notifications of attacks on major
banks located in the Sub-Saharan Africa (SSA)
region. The malware used in the attacks indicates that the
threat actor is most likely the infamous Silence
hacking group, previously known to be responsible for the
theft of millions of dollars from banks worldwide.

The Silence group is one of the most active Advanced
Persistent Threat (APT) actors, which has carried out a
number of successful campaigns targeting banks and
financial organisations around the globe.
The typical scenario of the attack begins with a social
engineering scheme, as attackers send a phishing email
that contains malware to a bank employee. From there,
the malware gets inside the bank’s security perimeter and
lies low for a while, gathering information on the victim
organisation by capturing screenshots and making video
recordings of the day-to-day activity on the infected device,
learning how things work in the targeted banks.
Once attackers are ready to act, they activate all
capabilities of the malware and cash out using ATMs, for
example. The score sometimes reaches millions of dollars.
The attacks detected began in the first week of January
and indicated that the threat actors are about to begin the
final stage of their operation and cash out the funds. To
date, the attacks are ongoing and persist in targeting large
banks in several SSA countries.
Kaspersky researchers attribute the attacks to the
Russian-speaking Silence group based on the malware
used in the attacks, which was previously used solely in
the group’s operations.
ALMOST HALF OF RESPONDENTS TO POLL ‘WOULDN’T KNOW’
IF THEIR ORGANISATION HAD SUFFERED A CYBER BREACH
Almost half of respondents to
the latest Twitter poll run by
Infosecurity Europe, Europe’s
number one information security event,
admit they would be completely unaware
if a cyber breach occurred in their
organisation. The poll was designed
to explore incident response, an area
that has come under recent scrutiny
following Travelex’s response to its New
Year’s Eve cyberattack, which left many
of its systems down and impacted travel
currency sales.

In answer to the question: ‘If a cyber
breach occurred, how quickly could
you discover it?’, 31.5% of respondents
said they would discover it immediately,
14.3% within 30 days and 6.6% within
200 days. However, a shocking 47.6%
conceded they simply would not know.
www.intelligentciso.com | Issue 22
According to Maxine Holt, Research
Director at Ovum, this reflects a
widespread issue. “Discovering a breach
well after the event is usual. Uncovering
breaches is not easy, but proactive
threat hunting is an approach being
increasingly used by organisations.
Regularly scanning environments to look
for anomalies and unexpected activity is
useful, but it can be difficult to deal with
the number of resulting alerts. Ultimately,
effective cyberhygiene involves having
layers of security to prevent, detect and
respond to incidents and breaches.”
Good incident response demands good
risk insight. The poll examined this by
asking, ‘What understanding do you
have of your information assets?’. A
worrying 44.7% revealed they had ‘very
little’ understanding, with 30.7% stating
they had ‘some’ – and only 24.7% said
their grasp was ‘comprehensive’.