Monday, 16 February 2015

Gang That Stole Millions From Banks Last Year Already Unmasked

The gang of cyber criminals that made the news this weekend because they may have stolen a billion dollars from banks around the world had already been unmasked last year by Dutch and Russian security firms. The analysis published at the time showed that the attacks could have been prevented if the banks had installed security updates for Microsoft Word and employees had not opened exe files that were sent via email.

The Russian anti-virus firm Kaspersky Lab will publish a report on the Carbanak gang later today. Last year, in a report by Delft-based Fox-IT and the Russian Group-IB, the gang was called "Anunak". The attack that the researchers of the two security companies observed began with infecting the computer of an employee. For example, Word documents were used that installed malware via known vulnerabilities.

If the banks' systems had installed the updates for these vulnerabilities, which have been available since 2012 and 2013, the attack would have failed. The attackers also sent email attachments with exe files. If this step succeeded, the attackers then tried to steal the password of a user with administrator privileges. The next step consisted of gaining access to a server.

Through the server, the password of the domain administrator was compromised. After that, all active domain accounts were taken over and the attackers monitored email traffic. The next step in the attack consisted of compromising the operator workstations of the bank system. On these systems, recording software was installed to record the work process of the employees. Finally, changes were made to the firewall configuration. Whether the gang later adapted its method or applied other tactics will only become clear once Kaspersky's report is online, but according to Fox-IT, Carbanak and Anunak are the same group.

The investigation by the two security companies further revealed that the criminals had access to ATMs and could remotely infect them with malware in order to withdraw "free" money at a later time. The group had access to 50 Russian banks, five payment and sixteen companies. The damage amounted to 14 million dollars, according to the researchers. At the time of publication in December, the attacks were still ongoing.

In an update, Fox-IT suggests that Kaspersky has named a different amount because its report listed only the direct losses of Russian banks that could be verified. The report also did not include damage caused by intellectual property theft or damage caused by downtime and repairs. Furthermore, Kaspersky Lab reports that banks in Europe and the US have also become targets, while these do not appear in the research of Fox-IT and Group-IB.

After publication of the report in December, the gang is said to have scaled back its activities. "The exact reason for this break is unclear, but it was already under way before our report," said the researchers. At this time, the group is said to be not very active. "But they can start again at any time. Another possibility is that they have already started and we have no reports or evidence of their new activities."
