📜 ⬆️ ⬇️

The attackers attacked Russian banks, sending messages to thousands of their employees

This week it became known about the large-scale attack of the hacker group Silence on Russian banks. It used the "weak link" - the human factor. Cybercriminals sent messages with malicious content to more than 80 thousand bank employees, as reported by Vedomosti.

This is about phishing, which in this case was very ambitious. A file was attached to the letter, imitating an invitation to the financial forum. According to employees of Group-IB, a company operating in the field of information security, Silence is one of the least studied hacker groups.

It is no less dangerous than the more famous Cobalt and MoneyTaker. The Central Bank knows about the attack, the organization informed about the problem of the bank, giving recommendations on countering the attack.

“Fill out the form in the attached archive and send it to us. You will receive two free invitations and the name of your bank will be posted on the official portal of the forum, ”the letter said. The application was zipped, inside instead of invitations there was a ZIP-archive with an invitation to the forum and a malicious attachment called Silence.Downloader aka TrueBot.

At the end of last year, a similar attack was carried out. Then cybercriminals also used social engineering techniques. The attackers sent out a large number of letters on behalf of a pharmaceutical company whose employee allegedly wanted to open a salary project. Attached is a file with malicious code.

Nevertheless, the Central Bank believes that attacks by attackers on banks are less and less successful. This was stated by the division of the Central Bank, which is engaged in cybersecurity of the financial sector. So, from January to August of last year, targeted attacks of attackers brought them only 76.5 million rubles instead of 1.08 billion (the same period in 2017). Attacks became more - 22, not 20.

According to representatives of FinCERT, the reasons for the decline in income of attackers are quite transparent. This is the growing activity of countering cybercriminals, raising the level of cybersecurity of financial organizations, analytical services with predictive analytics.

Source: https://habr.com/ru/post/436758/