Russian hackers begin attacking global banks as new Trojan apps strike - IT news
According to the foreign website CSOonline, Russian cyber criminals, having tested their bank attacks at home, have now begun extending them to the rest of the world. A new mobile Trojan is spreading globally.
Dmitiry Volkov, co-founder of the Russian network security company Group-IB, said that in the second half of 2015 and the first half of 2016, criminals stole nearly $44 million directly from Russian banks, up 292% over the same period a year earlier. Of the cyber attack cases related to Russian banks, direct attacks on the banks themselves accounted for 45%.
Meanwhile, thefts targeting personal online banking accounts dropped significantly: the amount stolen fell 83% to $100,000, and the amount stolen from business bank accounts fell 50% to $17 million.
Dmitiry Volkov said cyber criminals first develop malicious software against local targets and then, pushed by a number of factors, expand overseas.
These factors include the Russian authorities' crackdown on hackers and the improved security of Russian banks.
"Also, since 2014, Russia has been in a financial crisis," he added. "The ruble has lost value compared with three to five years ago, hackers earn less money from their activities in Russia, and they want dollars or euros rather than rubles."
Russian cyber criminals have begun looking for targets in the United States, Canada, Europe and other regions.
At the same time, they are developing a new generation of attack techniques in Russia that directly target banks' internal systems, such as SWIFT and ATM management systems.
These attacks first appeared in 2013, and this year they spread to the rest of the world.
According to a report by the US-based Information Systems Audit and Control Association, this summer a Ukrainian bank's SWIFT network was hacked and $10 million was stolen. Several other banks in Ukraine and Russia suffered similar attacks.
The ATM system of Alfa Bank in Belarus was also hacked. Last spring, hackers stole $81 million in the Bangladesh central bank heist, using a similar technique in the attack.
"It is difficult to determine where these criminals are coming from," Dmitiry Volkov said. In the attack on the central bank of Bangladesh, investigators' initial reports blamed North Korean hackers, but later reports said that Russian-speaking hackers were also involved.
He said that after an attack, banks do not share details about how it occurred, so it is difficult to determine the identity of the offenders.
"Last week, the criminals launched a new wave of attacks on foreign banks," he said. He added that he cannot currently disclose more information about the Russian cyber criminals.
"We are conducting a joint investigation with Europol, and we cannot disclose information to the public," he said.
Earlier this month, Symantec published a report. It said that recent advanced attacks against banks in the United States, Hong Kong, Australia, the United Kingdom and other regions were carried out by a group called Carbanac, which is suspected of being located in Russia. The attacks cost the banks a total of between tens of millions and hundreds of millions of dollars.
"This kind of attack really is going global," Dmitiry Volkov said.
Russian authorities are cooperating with international investigators to combat these criminal groups, but the investigations are progressing slowly.
"It is difficult to investigate these cases," he said. In addition, the members of any particular group may be located in several different countries, and the law enforcement agencies of those countries must work together in order to capture all the criminals at the same time.
"Otherwise, the other guys will delete all the evidence and move on to other places, or take other measures to avoid being arrested," he said.
Also, even though the capabilities of law enforcement investigators are improving, information sharing is still a problem, he said.
"There is a lack of effective channels of communication," he said. "There are official processes for exchanging data, but the process is slow."
The next wave of mobile attacks
Russian cyber crime groups are preparing to launch another wave of attacks.
According to Group-IB data, the amount stolen in Russia from personal bank accounts using mobile Trojans rose 471% to $6 million.
Mobile Trojans first appeared in 2013, when hackers used them to attack SMS banking and mobile banking systems. Afterwards, banks responded quickly and placed limits on transactions made on mobile devices.
"So, in 2014 and 2015, the amount hackers stole fell," Dmitiry Volkov said.
Criminals are also innovating, developing new types of attacks and new malware distribution mechanisms.
"Russia has become a testing ground for mobile banking Trojans," he said. "Next year, or in the next few years, Russia will become an exporter of cyber attack software."
For example, some malware uses a fake dialog box to ask the user to enter bank card details, then asks the user to confirm a transaction and enter a one-time password, and immediately afterwards steals the funds from the user's bank card.
In addition, the login credentials that users rely on for online banking (where transaction limits are higher than in mobile banking) are also collected and reused by hackers.
Criminals have even begun to develop complete imitation banking applications.
"Criminals can use a few programs to generate a new fake mobile banking app in a few minutes," he said. "The criminal only needs to specify the colors, icons, and fields."
Advertisements on Google, Yahoo, and the Russian search engine Yandex carry links to web pages for downloading fake banking applications.
There are also phishing messages sent by SMS or email, which ask users to install a required update for a critical application or the operating system.
"They click on a link, click the install button, and then the malicious software is installed," he said.
These fake banking applications also spread through unofficial app stores, where they are usually hidden inside another application.
"Applications on unofficial stores have great capabilities; they can root your device and escalate privileges," he said. "You try to root your device, but at the same time you are installing a malicious program, which will then download the banking Trojan."