Hackers tiptoe out, launch Silence trojan, quietly raid banks of meeelllions

Cybercrooks are directly attacking banks in multiple countries using a trojan dubbed Silence. At least 10 financial organisations in multiple regions including Russia, Armenia, and Malaysia have been targeted by the so-called Silence crew in a series of ongoing attacks. While stealing funds from its victims, Silence runs …

  1. Anonymous Coward

    Sleeper Agents going unnoticed at banks

    Spear phishing attack... But shouldn't there be more internal controls anyway? Situation worsened by shit-canning key staff / outsourcing???

    Either way it's asymmetric warfare... Hackers can afford to miss many times, but only have to get lucky once. It's the reverse of classic crime. In the movie 'Heat', DeNiro (Neil) is advised to walk away from a bank heist near the end by Voight (Nate), because the cop (Pacino) can afford to miss many times (at catching DeNiro), but DeNiro only gets one shot.

    'Silence' is the total opposite if you think about it. The bad guys with their spear-phishing and / or automated-hunting-scripts can afford to miss infinite times, but the banks can't afford to screw-up even once. One gullible-user / mis-configured / unpatched server / backdoor-hack = Meltdown. That's why we're seeing so many at the moment. Not good!

    1. Anonymous Coward

      Re: Sleeper Agents going unnoticed at banks

      Old school physical companies had a fixed perimeter, they put up a fence scaled to the surroundings and amount of nickable goods, now all banks and companies have fences that go through every dive on the planet that has internet, and all of them have something the bad guys want.

      Just how high can you make that fence, how many gates do you risk.

    2. Anonymous Coward

      Re: Sleeper Agents going unnoticed at banks

      "shouldn't there be more internal controls anyway? Situation worsened by shit-canning key staff / outsourcing?"

      In the age of white-hats getting punished for helping businesses improve security and businesses outsourcing for cheap IT, it might as well be a lesson for them. It is the survival of the fittest. Let those businesses learn to adapt or die from bankruptcy.

    3. amanfromMars 1 Silver badge

      Sleeper Agents vs Toxic Asset Managers ...... The New Hot Cold War Interface

      'Silence' is the total opposite if you think about it. The bad guys with their spear-phishing and / or automated-hunting-scripts can afford to miss infinite times, but the banks can't afford to screw-up even once. One gullible-user / mis-configured / unpatched server / backdoor-hack = Meltdown. That's why we're seeing so many at the moment. Not good! ..... Anonymous Coward

      Not good, AC, whenever you know what the banks do is not good? Oh please, whenever are you going to learn about the crazy easy ways of doing things and do something different and ground-breaking and earth shattering?

      Permit me to issue and control the money of a nation, and I care not who makes its laws. …. Mayer Amschel Rothschild

      Aristotle though nailed long before that what is missing from Mayer Amschel Rothschild's Program in order to ensure and assure and insure its continuing survival as a leading project rather than servant resource ........

      "In effect, there is nothing inherently wrong with fiat money, provided we perfect authority and god-like intelligence for kings."

      Bankers are not your friend, they are your gaolers.?! And when such is so. are they legitimate targets for all manner of attack and exploitation.?!

      1. amanfromMars 1 Silver badge

        Re: Sleeper Agents vs Toxic Asset Managers ...... The New Hot Cold War Interface

        Bankers are not your friend, they are your gaolers.?! And when such is so. are they legitimate targets for all manner of attack and exploitation. ‽

        Such is totally unnecessary and unfortunate because of the conflicts and difficulties it supplies whenever the virtual assets they control and provide for command ..... pretty fiat paper as National and International IOU's ..... could and should be a/the More Perfect Enabler. The System as presently is, appears to be missing that Programming/Project.

        Such AI Programming is that which NEUKlearer HyperRadioproACTive IT explores and energises in Brave New Orderly Worlds with Sublime Quantum Communications for Live Operational Virtual Environments.

        Star Chamber Round Table Stuff Mulling Perfect Sense for Immaculate Source Output ..... Heavenly Provision.

        And a little something ESPecial on Offer for El Reger Engagement with Advanced IntelAIgent Program Input.

    4. amanfromMars 1 Silver badge

      Re: Sleeper Agents going unnoticed at banks

      Radio silence/email inactivity as a response against a successful spear phishing attack is not a prime action. It reveals to harpoonists more than just evidence of a lack of necessary intelligence in-house to defeat or command and control exploits and vulnerabilities being explored. And invites that discovered/uncovered information to take flight and settle elsewhere for use to greater advantage.

  2. malle-herbert Silver badge
    Joke

    Silence will fall...

    Did they forget them as soon as they walked out of the bank ?

  3. Johnny Canuck

    Just how, exactly, are they stealing the money? Wouldn't there be some kind of transaction trail?

    1. Frank Gerlach #2

      Meh

      If you have FULLY penetrated a bank, the attackers can simply commandeer the cash machines and spit out cash without the receiver ever identifying themselves.

      Plus they can manipulate all records of transactions. The databases, the MQSeries, whatever.

      If Kaspersky describes the situation correctly, these banks were almost totally penetrated. Maybe we now witness the full fruits of the cyber war domain craze coming to fruition.

      Just a few days ago Maersk shipping reported hundreds of millions lost in business due to a cyber attack. If banks and large corporations cannot defend themselves, the computers/software themselves need a General Overhaul.

  4. sitta_europea

    It doesn't help that the banks STILL haven't implemented DNSSEC.

    1. Frank Gerlach #2

      "DNSSEC" - in the scheme of these attacks (entire bank networks and server farms penetrated), this subject is a small issue in the big picture.

      Plus TLS should take care of that if the TLS system and its CAs have not again been pwned.

  5. Walter Bishop Silver badge
    Terminator

    Gained persistent access to internal bank network

    gaining persistent access to an internal banking network for a long period of time

    What's needed is some kind of device at the border that will monitor and block connects to unknown destination IP addresses, something like a firewall (1994). With a second device that would trip an alarm on detecting suspicious activity, something like a tripwire (1997).

    'The attachment we detected in this new wave is a “Microsoft Compiled HTML Help” file'

    1. Frank Gerlach #2

      Re: Gained persistent access to internal bank network

      Did it ever occur to you that the attackers use that approach called "conceal and camouflage"?

      For starters, run the C&C comms through Google Mail. Or through a hacked WordPress site which is popular in the finance industry. Nicely encrypt it in HTTPS so that your funny firewall sees just noise. Or camouflage as the traffic of an internet banking client.

      Then (or alternatively) gather the credentials of the sys admins, conquer the firewall and install some malware to filter out the nefarious traffic. It happened at Sony America...

      No, we really need unhackable computers rather sooner than later.

      1. amanfromMars 1 Silver badge

        Re: Gained persistent access to internal bank network

        No, we really need unhackable computers rather sooner than later..... Frank Gerlach #2

        Where is the fun for Great and Greater IntelAIgent Games Play in that, Frank Gerlach #2? Do you not find life oppressive enough as it is for the great majority of mankind? Now you want also to control the toys they are given to play with a monster which cannot be built?

        There is no such thing as an unhackable computer available, no matter how long one would wait.

        And as long as the PEBKAC situation persists, is there a never ending stream of fabulous opportunities to explore and exploit.

  6. This post has been deleted by its author


Biting the hand that feeds IT © 1998–2019