Experts have discovered a new targeted attack using a Trojan by the name of Silence against financial institutions. Russian banks are first in the line of fire, but Malaysian and Armenian organizations have also been infected.
Tactically, the attack is very similar to the canonical financial APT campaign, the notorious Carbanak: a phishing e-mail with a malicious attachment sent to employees of banks and financial organizations, followed by spying on employees and then, suddenly, a fraudulent transaction. This proven method has already brought its operators billions of dollars, so why not try it again?
The Lazarus Group, a nation-state-level attacker tied to the 2014 attacks on Sony Pictures Entertainment, has splintered off a portion of its operation to concentrate on stealing money to fund itself.
The group, widely believed to be North Korean, has been linked to a February 2016 attack against the Bangladesh Central Bank that resulted in more than $850 million in fraudulent SWIFT network transactions, $80 million of which still has not been recovered. Researchers explained how the splinter group, known as Bluenoroff, has almost exclusively hit financial institutions, casinos, financial trade software development companies and cryptocurrency businesses.
The feds warned that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, “have compromised and stolen sensitive information from various government and commercial networks” since at least 2011, according to an FBI alert.
The alert shows that foreign government hackers are still successfully hacking and stealing data from the US government's servers, with their activities going unnoticed for years. This comes months after the US government revealed that a group of hackers had for more than a year infiltrated the computer systems of the Office of Personnel Management.
The Turla APT group is one of the most advanced threat actors in the world. This cyber espionage group has been active for more than 8 years, but little was known about its operations until last year.
Specifically, this research included examples of language artifacts, showing that part of the Turla group are Russian speakers. What makes the Turla group especially dangerous and difficult to catch is not just the complexity of its tools, but the exquisite satellite-based command-and-control mechanism implemented in the final stages of the attack. Command-and-control servers are the base of advanced cyber-attacks.
Merchant vessels are continuously becoming bigger and getting more electronic systems. Seafarers often depend on technology data more than their own skills, knowledge, and senses.
Crews are becoming smaller as computer systems are being used for navigation, as well as for rapid unloading and tracking of goods at ports. These systems are vulnerable to cyber threats. Victims often try to keep successful hacks a secret. The reason for this is that the maritime companies value their reputation more than the money they actually lose. Also, cyber criminals are stealthy and in many cases companies are unaware they have been hacked.
1 in 3 security professionals recommend negotiating with cybercriminals for the return of stolen data or the restoration of encrypted files. The study also found that firsthand experience with cybercrime extortion clearly shaped opinions.
Whether data is stolen by APTs or targeted attacks, or lost due to ransomware infection, enterprises need to reevaluate their cybersecurity strategies to incorporate the latest advanced threat defenses and become obsessive about backing up their data. Security professionals within the healthcare and financial services sectors were least likely to recommend negotiating with cyber-extortionists.
Security researchers have uncovered the first ever Arabic-language advanced persistent threat group. Dubbed Desert Falcons, the group of thirty or so attackers operates out of Palestine, Egypt and Turkey and is said to have developed and deployed their wares exclusively in the Middle East.
It is impossible to determine whether Desert Falcons is state sponsored, but internet security is under threat. Their arsenal consists of homemade malware tools, social engineering and other techniques designed to execute and conceal campaigns on traditional and mobile operating systems. Desert Falcons' malware is intended to steal sensitive information.
Researchers have uncovered an extremely stealthy trojan for Linux systems that attackers have been using to siphon sensitive data from governments and pharmaceutical companies around the world.
The previously undiscovered malware represents a missing puzzle piece tied to Turla, a so-called advanced persistent threat disclosed in August. For at least four years, the campaign targeted government institutions, embassies, military, education, research, and pharmaceutical companies in more than 45 countries. The unknown attackers have infected several hundred Windows-based computers by exploiting a variety of vulnerabilities.
This article is the first in a series of posts in which I will document some of the false perceptions in IT security. And believe me, there are many. While it is nearly impossible to cover them all, I will certainly attempt to explain as many as my time and energy allows.
When we talk about IT security, we still tend to live with the mindset that our biggest issue is protecting ourselves against future threats. The same thing happens when I attend security conferences or read articles and blog posts; everyone seems to focus on trying to uncover or protect us from the unknown. Almost every security company and a number of researchers are talking about targeted attacks.
Russia poses a serious cyber threat to industrial control systems, pharmaceutical, defense, aviation, and petroleum companies. Russian government cyber operations aim to use malware to steal information on files, persist on ICS equipment, and commit espionage.
There is nothing quick about studying Russian cyber operations. Beyond understanding the complexities of the malware itself, one must also match up the names of several families of malware, some of which have evolved over time and have had different names, as well as link together the names given to specific groups by a number of private security companies.