30+ countries, 160,000 emails, $4.2m in cyber-heists… maybe it's time for the Silence hacker crew to change its name

The rapidly growing hacking crew dubbed Silence, has – in less than three years – gone from ransacking small regional banks in Eastern Europe to stealing millions from some of the largest international banks. A report issued this morning by Singapore-based infosec outfit Group-IB claims that Silence, active since 2016, is now …

  1. Headley_Grange

    Snitch

    Way outside my field of knowledge, and I realize that running a bank's IT is probably a bit more complicated than running my PC, but given that this malware requires access to its command and control server why can't banks run a whitelist of known, trusted connections? This would mean physically separating the banking hardware from the everyday email and browsing kit, but I sort of assume that's the case anyway. I guess it might cause the odd glitch, or slow down transactions when new connections have to be authorized and set up, but it doesn't sound like too much hassle given the sums that can be lost. Am I missing something?
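
The egress allow-list idea in the comment above, as an added example that is not part of the thread or of the Group-IB report: a small checker that reads outbound-connection log lines from a segregated banking host and flags any destination not on an explicit allow-list. The log format, host names, addresses and the allow-list itself are constructed for this example.

```python
"""Egress allow-list check over outbound-connection log lines.

Added example, not from the article or the comment thread. It models the
"whitelist of known, trusted connections" idea: anything a banking host tries
to reach that is not explicitly allowed gets flagged. Log format, host names,
addresses and allow-list entries are all constructed for the example.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed allow-list: destinations a segregated banking host may reach.
ALLOWED_HOSTS = {"core-banking.internal.example", "swift-gw.internal.example"}
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # internal banking segment

# Constructed sample log lines in a simple proxy/firewall export format.
SAMPLE_LOG = """\
2019-08-21T09:14:02Z src=10.20.1.15 dst=core-banking.internal.example:443 action=connect
2019-08-21T09:15:40Z src=10.20.1.15 dst=203.0.113.77:443 action=connect
2019-08-21T09:16:03Z src=10.20.1.15 dst=10.20.4.9:445 action=connect
2019-08-21T09:17:11Z src=10.20.1.15 dst=updates.example.net:80 action=connect
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>[^:\s]+):(?P<port>\d+) action=(?P<action>\S+)$"
)


@dataclass
class Verdict:
    ts: str
    src: str
    dst: str
    port: int
    allowed: bool
    reason: str


def is_allowed(dst: str) -> tuple[bool, str]:
    """Return (allowed, reason) for a destination host name or IP address."""
    if dst in ALLOWED_HOSTS:
        return True, "host on allow-list"
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        # Not an IP literal, and not an allow-listed name either.
        return False, "host not on allow-list"
    for net in ALLOWED_NETS:
        if addr in net:
            return True, f"address in allowed network {net}"
    return False, "address outside allowed networks"


def check_log(text: str) -> list[Verdict]:
    """Parse each log line and attach an allow/deny verdict to it."""
    verdicts: list[Verdict] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole run
        ok, why = is_allowed(m["dst"])
        verdicts.append(Verdict(m["ts"], m["src"], m["dst"], int(m["port"]), ok, why))
    return verdicts


def denied(text: str) -> list[Verdict]:
    """Only the connections that should be blocked and alerted on."""
    return [v for v in check_log(text) if not v.allowed]


if __name__ == "__main__":
    for v in check_log(SAMPLE_LOG):
        tag = "ALLOW" if v.allowed else "DENY "
        print(f"{tag} {v.src} -> {v.dst}:{v.port} ({v.reason})")
```

Run against the constructed sample, the two external destinations are denied while both internal connections pass. Note that the third line, a connection to another host inside the allowed segment on port 445, is accepted by this check: an allow-list on the boundary says nothing about traffic between hosts that are already on the list, which is exactly the limitation the reply below raises.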

    1. monty75

      Re: Snitch

      I would imagine that they're running through a series of privilege escalation attacks, e.g. compromise a low-ranking staffer's PC through spear-phishing/watering-hole attacks, then use that as a foothold to attack the next level of security. By the time they get to the actual money-controlling systems they are so far inside the bank's network that they're indistinguishable from the legitimate whitelisted traffic.

      1. GnuTzu

        Re: Snitch

        And, this is why boundary security and end-point security have gotten so much more sophisticated than simply white-listing. Yes, block lists and white-lists exist, but there are categorization and security ratings services, along with geo-location. And, there are insider-threat programs monitoring user behavior (creepy huh). There are proxy and end point controls to not only do virus scanning, but to also send downloads off to a VM to get exploded to try to catch zero-day exploits.

        Yet, the hackers know of all these things. Malware is even written to detect when it's on a VM to thwart the zero-day detection techniques. Yes, successfully pwning financial institutions requires a many-pronged attack.

    2. Anonymous Coward

      Re: Snitch

      This would mean physically separating the banking hardware from the everyday email and browsing kit, but I sort of assume that's the case anyway.

      You'd like to think so, wouldn't you. Mmmm hmmmm.

      #truestory

  2. Ugotta B. Kiddingme

    Silence?

    I thought The Doctor retroactively solved that problem in 1969


Biting the hand that feeds IT © 1998–2021