Hackers targeted Banks and 100 organisations

Uploaded on 2017-02-21 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

Malware attacks that recently put the Polish banking sector on alert were part of a larger campaign that targeted financial organisations from more than 30 countries.

Researchers from Symantec and BAE Systems linked the malware used in the recently discovered Polish attack to similar attacks that have taken place since October in other countries. There are also similarities to tools previously used by a group of attackers known in the security industry as Lazarus.

The hackers compromised websites that were of interest to their ultimate targets, a technique known as watering-hole attacks. They then injected code into the websites that redirected visitors to a custom exploit kit.

The exploit kit contained exploits for known vulnerabilities in Silverlight and Flash Player; the exploits only activated for visitors who had Internet Protocol addresses from specific ranges.

"These IP addresses belong to 104 different organizations located in 31 different countries," researchers from Symantec said in a blog post recently. "The vast majority of these organisations are banks, with a small number of telecoms and Internet firms also on the list."

In the case of the targeted Polish banks, it's suspected that the malicious code was hosted on the website of the Polish Financial Supervision Authority, the government watchdog for the banking sector.

The BAE Systems researchers found evidence that similar code pointing to the custom exploit kit was present on the website of the National Banking and Stock Commission of Mexico in November. This is the Mexican equivalent to the Polish Financial Supervision Authority.

The same code was also found on the website of the Banco de la República Oriental del Uruguay, the largest state-owned bank in that South American country, according to BAE Systems.

Included in the list of targeted IP addresses were those of 19 organisations from Poland, 15 from the US, nine from Mexico, seven from the UK, and six from Chile.

The payload of the exploits was a previously unknown malware downloader that Symantec now calls Downloader.Ratankba. Its purpose is to download another malicious program that can gather information from the compromised system. This second tool has code similarities to malware used in the past by the Lazarus group.

Lazarus has been operating since 2009, and has largely focused on targets from the U.S. and South Korea in the past, the Symantec researchers said. The group is also suspected of being involved in the theft of $81 million from the central bank of Bangladesh last year. In that attack, hackers used malware to manipulate the computers used by the bank to operate money transfers over the SWIFT network.

"The technical/forensic evidence to link the Lazarus group actors ... to the watering-hole activity is unclear," the BAE Systems researchers said in a blog post.

"However, the choice of bank supervisor and state-bank websites would be apt, given their previous targeting of central banks for heists, even when it serves little operational benefit for infiltrating the wider banking sector."

Computerworld

 

« Make The Most Of Data Analytics
The Cusp Of Merging Human With Machine »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Fuel Recruitment

Fuel Recruitment

Fuel Recruitment is a specialist recruitment company for the IT, Telecoms, Engineering, Consulting and Marketing industries.

LogmeOnce

LogmeOnce

LogmeOnce provides users with solution to multiple Password problems, Single Sign-On (SSO), and Identity Management.

Panaseer

Panaseer

Panaseer is an enterprise cybersecurity automation and data analytics company that helps organizations stop preventable breaches by ensuring security controls are working effectively.

Industrial Cyber Security

Industrial Cyber Security

Industrial Cyber Security provides specialist consulting services in enterprise and SCADA system security.

Secure-NOK

Secure-NOK

Secure-NOK provides products and solutions that detect and remove security attacks and harmful events in industrial networks and control systems.

Charterhouse Müller UK

Charterhouse Müller UK

Charterhouse Müller UK are a leading service provider for end of life IT services including data erasure and secure IT asset disposal.

Liquid Technology

Liquid Technology

Liquid Technology provide DOD- and NIST-compliant data destruction and EPA-compliant e-waste disposal and recycling services throughout North America, Europe and Asia.

Utility Cyber Security Forum

Utility Cyber Security Forum

The Utility Cyber Security Forum offers a focused venue in which utility executives can network one-on-one with colleagues facing issues in protecting against cyber attacks.

Inceptus

Inceptus

Inceptus is a next generation Managed Security Service Provider (MSSP). We are dedicated to keeping our customers safe, secure and protected while doing business on the Internet.

Cyber Range Solutions (CRS)

Cyber Range Solutions (CRS)

CRS provides cyber security training and improve security team performance by providing a hyper realistic, virtual training environment.

Rimstorm

Rimstorm

Rimstorm’s mission is to significantly improve the security of your data using award-winning, state-of-the-art technology combined with cyber managed security services.

Valtix

Valtix

Valtix is the first and only multi-cloud network security platform delivered as a service that enables cloud teams to meet the most stringent security requirements in a cloud-first & simple way.

OxCyber

OxCyber

OxCyber's mission is to ignite and encourage cybersecurity and technology growth in the Thames Valley through meetings, webinars, in person events, workshops and mentorship programs.

Academia the Technology Group

Academia the Technology Group

Academia specialise in the supply of software, IT hardware, training and service solutions to the public sectors, business and pro media markets.

CyberNINES

CyberNINES

CyberNINES is a business specializing in helping US Department of Defense contractors become compliant and attest to federal cybersecurity regulation requirements.

Dream

Dream

Dream is developing an AI platform that enables cyber resilience and protects nations from hostile nation-states cyber attacks.