Silence Hackers have targeted banks across 30 countries including Malaysia, Taiwan, South Korea, China, Russia, United Kingdom, Bangladesh & Bulgaria. They have launched 16 campaigns since September 2018 with their new updated hacking tactics, techniques, and procedures (TTPs). These TTPs has evolved with numerous changes in terms of their attack techniques in order to complicate detection by security tools.
The hackers have stolen 4.2 million USD since June 2016 to June 2019. They carried out recon phishing campaigns by sending phishing emails that include an image or link without malicious payload to almost 85,000 recipients. These tactics are used to create an updated list of active email addresses which can be used in future attacks.
There are three recon campaigns that they have been carried out in Asia, Russia & Europe.
1. Among other countries in Asia, they attack mostly banks in Malaysia, Taiwan & South Korea by sending up to 80,000 phishing emails.
2. Between 16 October 2018 to 1 January 2019, 84,000 emails were sent to banks in Russia.
3. They have sent less than 10,000 emails to banks in United Kingdom.
Here’s the list of Silence Hacker attacks performed from August 2018 to August 2019.
1. August 2018 – An Indian bank was successfully attacked.
2. October 2018 – Russian banks were attacked by a malicious campaign.
3. 15 & 16 November 2018 – A massive phishing campaign were launched claiming to be sent by the Central Bank of the Russian Federation.
4. 20 November 2018 – First stage Asian attack campaigns were launched.
5. January 2019 – United Kingdom financial organizations were targeted.
6. February 2019 – Silence Hackers successfully withdrew $400,000 from Omsk IT Bank in Russia.
7. May 2019 – Silence Hackers withdrew $3 Million from the ATMs of Dutch-Bangla Bank in Bangladesh.
8. June 2019 – They launched new attacks on banks in Russia.
9. July 2019 – Successfully attacked banks in Ghana, Chile, Bulgaria & Costa Rica.
It is important for banking users and the bank itself to prevent these kind of attacks from spreading to a larger scale. Condition Zebra (an International IT security services, Training and Certification provider) would like to share our views on this matter. With a vast experience in handling cyber security matters since 2007, we found out that most companies have not implemented cyber security’s best practices and lack adequate forms of data protections. This makes their organizations, infrastructures or systems vulnerable to data loss, financial costs and reputational harm. To prevent cyber-attacks, organizations should find loopholes in their infrastructures. This is why it is important to do penetration testing at least once a year to identify your infrastructure’s security weaknesses.
When it comes to cyber security, at Condition Zebra we take it seriously. Condition Zebra’s penetration testing service not only seeks for vulnerabilities, we also adopt a hacker’s mindset and techniques to find out security breaches in your system before the real enemies attempt to exploit your sensitive data. On top of that, we will also test your organization’s security policies such as your adherence to compliances’ requirements, your employees’ security awareness and the organization’s ability to identify and respond to security incidents. But no worries! Unlike real intruders, we will never make an attempt to breach your data.
It is time for you to take a step ahead in preventing your organization from being a cyber-attack victim. Claim our FREE penetration testing service today! Although this is a free of charge service, Condition Zebra is committed to provide the best penetration testing service for you. A comprehensive report will be provided and we reassure you that this is not a report generated from vulnerability scanners. Our report contains the findings from vulnerability assessments, standard penetration testings, and advanced manual testings conducted by our penetration testers.
While cybercriminals are a significant threat to organizations and the government, the actual critical threats to them are their own lack of adequate defense and employees who are ignorant of cyber threats. Employee training is a core matter as a key defense measure to any cyber-attacks. At Condition Zebra, we conduct cyber-security trainings which are not only theoretical but we apply hands on training with the latest updates to cyber security evolution.
Finally, for users, it is important to keep yourself updated with the latest cyber-security issues. No one is protected from cyber-attacks unless they are not using Internet in their daily lives. As always, we invite you to leave any comments or questions in the comments section below.