{"id":959,"date":"2015-02-22T18:42:56","date_gmt":"2015-02-22T18:42:56","guid":{"rendered":"https:\/\/icaruspressblog.wordpress.com\/?p=959"},"modified":"2019-04-17T10:02:35","modified_gmt":"2019-04-17T10:02:35","slug":"spam-campaigns-target-banks-1-billion-losses-projected","status":"publish","type":"post","link":"https:\/\/hidefideas.com\/blog\/2015\/02\/22\/spam-campaigns-target-banks-1-billion-losses-projected\/","title":{"rendered":"Spam Campaigns Target Banks, $1 Billion Losses Projected"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-960 alignright\" src=\"http:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/carbanak.jpg\" alt=\"carbanak\" width=\"297\" height=\"233\" srcset=\"https:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/carbanak.jpg 1280w, https:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/carbanak-300x235.jpg 300w, https:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/carbanak-768x602.jpg 768w, https:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/carbanak-1024x802.jpg 1024w, https:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/carbanak-191x150.jpg 191w\" sizes=\"auto, (max-width: 297px) 100vw, 297px\" \/><br \/>\nThere was a time when keeping your money in a bank was the safe thing to do. We learned it from childhood: get a check from grandma, deposit it directly in the bank. Even though no child in her right mind really wanted to put the money somewhere it couldn\u2019t be used for anything tangibly wonderful, that\u2019s how we were conditioned. It was safe in the bank, and that\u2019s what we grew to believe. Unfortunately, the landscape has changed. 
Consumer confidence in banks has taken a beating around the world, due in part to global economic woes and the economic mismanagement that led to a <a href=\"http:\/\/www.forbes.com\/2009\/01\/14\/global-recession-2009-oped-cx_nr_0115roubini.html\">worldwide recession in 2008<\/a>; and due in part to the tech-based woes experienced by the banking industry.<\/p>\n<p>We\u2019re seeing examples of <a href=\"http:\/\/www.theemailadmin.com\/2014\/03\/do-you-trust-your-bank-not-to-spam-you-read-this\/\">banks spamming their customers<\/a> because they can\u2019t seem to get their Trojan problems under control; and they\u2019re not just isolated problems. In 2013, studies in the UK revealed a <a href=\"http:\/\/www.theemailadmin.com\/2013\/11\/uk-bank-computers-zombified-hijacked-by-conficker\/\">dire state of affairs in the banking world<\/a>, with infections and security incidents going off like a fireworks display in the British Isles. In one instance, five of eight infected banks were hosting the Conficker botnet, seven were churning out spam, and all of them were infected with malicious software of some sort.<\/p>\n<p>We don\u2019t want to dump all over the banking industry, except where it\u2019s justified. It\u2019s not entirely their fault that they\u2019re being targeted, because crooks are hammers and banks look like nails. Banks are where the money\u2019s kept, so of course cyber criminals are going to be placing the banking industry squarely in their sights. But the bank is where we keep our money, and maybe we\u2019d be better off stuffing it in a mattress or burying it in the back yard. Modern-day Bonnies and Clydes don\u2019t need machine guns to make illegal withdrawals, and any sense of confidence and safety that we have for banks is taking a beating these days.<\/p>\n<p>The situation\u2019s not getting any better. 
Kaspersky Labs recently published a <a href=\"http:\/\/securelist.com\/files\/2015\/02\/Carbanak_APT_eng.pdf\">report<\/a> on a threat called Carbanak, a backdoor delivered to target systems through email attachments. Criminals use spear phishing methods to deliver the emails, and the malicious attachments come in the form of Microsoft Word 97-2003 (.doc) and Windows Control Panel (.cpl) files; they \u201cexploit vulnerabilities in Microsoft Office 2003, 2007 and 2010 (CVE-2012-0158 and CVE-2013-3906) and Microsoft Word (CVE-2014-1761). Once the vulnerability is successfully exploited, the shellcode decrypts and executes the backdoor known as Carbanak.\u201d<\/p>\n<p>Once the remote code executes, Carbanak is installed on the victim&#8217;s system, but Kaspersky has identified other exploits in the attack, noting that \u201can additional infection vector that we believe was used by the criminals is a&nbsp;classical drive-by-download attack. We have found traces of the Null and the&nbsp;RedKit exploits kits.\u201d<\/p>\n<p>What\u2019s even more disturbing is the knowledge that these threats are nothing new. The banking industry has been dealing with them for a while, Kaspersky points out. \u201cFrom late 2013 onwards, several banks and financial institutions have been attacked by an unknown group of cybercriminals. In all these attacks, a similar modus operandi was used.\u201d Victims of the attacks as well as law enforcement have estimated that these attacks are ongoing, meaning that two years later, the banks are still dealing with them; and combined losses could reach US $1 Billion. 
That\u2019s a lot of scratch, and if anyone wonders why cyber crooks are in it, clearly they\u2019re in it for the money.<\/p>\n<p>According to <a href=\"http:\/\/www.theglobeandmail.com\/news\/national\/gang-targeting-canadian-banks-with-malware-report-says\/article23028358\/?click=sf_globefb\">The Globe and Mail<\/a> in Canada, the crooks are based in Russia and the Ukraine (hey, at least they can agree on something). Kaspersky does, however, point out that the exploits used are possibly of Chinese origin. Previously, the attackers had only been targeting Russian financial institutions, but it\u2019s a big world out there and now they\u2019re branching out. Canadian banks are being targeted, according to the article, and Kaspersky reports that institutions in other countries are under attack. \u201cOf the 100 banking entities impacted at the time of writing this report, at least half have suffered financial losses, with most of the victims located in Russia, USA, Germany, China and Ukraine.\u201d<\/p>\n<p>The attack itself is pernicious, spying on the infected user and collecting data that can be sent back to the C&amp;C (command and control) server. \u201cUsing the intelligence gained from video and other monitoring techniques, the attackers developed an operational picture of the victim&#8217;s workflow, tooling and practices. This picture helps the attackers to deploy their malicious operations.\u201d If Carbanak detects the banking application BLIZKO (funds transfer software) on the infected computer, it reports back to the C&amp;C server. In addition, it recognizes IFOBS banking applications, and \u201ccan, on command, substitute the details of payment documents in the IFOBS system.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There was a time when keeping your money in a bank was the safe thing to do. 
We learned it from childhood: get a check&hellip; <\/p>\n","protected":false},"author":3,"featured_media":960,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,14],"tags":[11,9,10,8,7],"class_list":["post-959","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-spam","tag-allspammedup","tag-bot","tag-botnet","tag-malware","tag-spam","jsn-master"],"_links":{"self":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/959","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/comments?post=959"}],"version-history":[{"count":2,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/959\/revisions"}],"predecessor-version":[{"id":1635,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/959\/revisions\/1635"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/media\/960"}],"wp:attachment":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/media?parent=959"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/categories?post=959"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/tags?post=959"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}