Experts have discovered a new targeted attack using a Trojan by the name of Silence against financial institutions. Russian banks are first in the line of fire, but Malaysian and Armenian organizations have also been infected.

Tactically, the attack is very similar to the canonical financial APT campaign, the notorious Carbanak: a phishing e-mail with a malicious attachment sent to employees of banks and financial organizations, followed by spying on employees and then, suddenly, a fraudulent transaction. This proven method has already brought its operators billions of dollars, so why not try it again? 

The Lazarus Group, a nation-state level of attacker tied to the 2014 attacks on Sony Pictures Entertainment, has splintered off a portion of its operation to concentrate on stealing money to fund itself.

The group, widely believed to be North Korean, has been linked to a February 2016 attack against the Bangladesh Central bank that resulted in more than $850 million in fraudulent SWIFT network transactions, $80 million of which still has not been recovered. Researchers explained how the splinter group, known as Bluenoroff, has almost exclusively hit financial institutions, casinos, financial trade software development companies and cryptocurrency businesses.

The feds warned that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, “have compromised and stolen sensitive information from various government and commercial networks” since at least 2011, according to an FBI alert.

The alert shows that foreign government hackers are still successfully hacking and stealing data from US government’s servers, their activities going unnoticed for years. This comes months after the US government revealed that a group of hackers had for more than a year infiltrated the computer systems of the Office of Personnel Management. 

To appreciate how malware targeting banks and other financial institutions is adopting sophisticated techniques once reserved for state-sponsored spies using so-called advanced persistent threats, consider the recently discovered Metel crimeware package.

It contains more than 30 separate modules that can be tailored to the computer it's infecting. One of the most powerful components automatically rolls back ATM transactions shortly after they're made. As a result, people with payment cards from a compromised bank can withdraw nearly unlimited sums of money from ATMs belonging to another bank.

Turla APT group is one the most advanced threat actors in the world. This cyber espionage group has been active for more than 8 years, but little was known about its operations until last year.

Specifically, this research included examples of language artifacts, showing that part of the Turla are Russian-speakers. What makes the Turla group especially dangerous and difficult to catch is not just the complexity of its tools, but the exquisite satellite-based command-and-control mechanism implemented in the final stages of the attack. Command-and-control servers are the base of advanced cyber-attacks. 

Merchant vessels are continuously becoming bigger and getting more electronic systems. Seafarers often depend on technology data more than their own skills, knowledge, and senses.

Crews are becoming smaller as computer systems are being used for navigation, as well as for rapid unloading and tracking of goods at ports. These systems are vulnerable to cyber threats. Victims often try to keep successful hacks a secret. The reason for this is that the maritime companies value their reputation more than the money they actually lose. Also, cyber criminals are stealthy and in many cases companies are unaware they have been hacked. 

The Chinese-language Naikon advanced persistent threat group is targeting military, government and civil organizations located in and around the South China Sea, which is an increasingly contentious hot-bed of territorial disputes between various Southeast Asian nations.

Naikon infects its victims with spear-phishing emails in which malicious executables masquerade as seemingly relevant document attachments. When a victim opens one of these malicious attachments, a decoy document appears as an executable file and quietly exploits an old Microsoft Office vulnerability, installing malware on the victim’s machine.

1 in 3 security professionals recommend negotiating with cybercriminals for the return of stolen data or the restoration of encrypted files. The study also found that firsthand experience with cybercrime extortion clearly shaped opinions. 

Whether data is stolen by APTs or targeted attacks, or lost due to ransomware infection, enterprises need to reevaluate their cybersecurity strategies to incorporate the latest advanced threat defenses and become obsessive about backing up their data. Security professionals within the healthcare and financial services sectors were least likely to recommend negotiating with cyber-extortionists.

Nowadays, we talk a lot about malware that invades our daily activities. Some are more dangerous than others — whether they target private users or companies. Organizations are also threatened by attacks for their intellectual property, which is a key element in the functionality of a business.

Advanced persistent threats are among the most dangerous that exist in the computing world. Earlier, security researchers have uncovered the first ever Arabic language advanced persistent threat group, called Desert Falcons. Let's discuss the characteristics of these attacks and the way organizations and individuals can protect themselves against them.

Security researchers have uncovered the first ever Arabic language advanced persistent threat group. Dubbed Desert Falcons, the group of thirty or so attackers, operates out of Palestine, Egypt and Turkey and is said to have developed and deployed their wares exclusively in the Middle East.

It is impossible to determine whether Desert Falcons is state sponsored, but internet security is under threat. Their arsenal consists of homemade malware tools, social engineering and other techniques designed to execute and conceal campaigns on traditional and mobile operating systems. Desert Falcons’ malware is intended to steal sensitive information.