A Cartel Of Notorious Russian Hackers Is Now Attempting To Hack Its Way Into Sub-Saharan Africa’s Banking Sector
It’s 2020 and cybersecurity has garnered more importance. The dawn brings with it a new trend of online threats on the prowl for valuable data which can be used for untold purposes. A common culprit is the Silence Group, an undercover team of hackers with intentions to cart away huge sums of money.
Bank Targets
The internet looters are now targeting financial organizations, among which are banks operating in Sub-Saharan Africa. According to research findings from multinational cybersecurity firm Kaspersky, these attacks touched down in the region’s banking sector in January 2020. The ongoing threat is reported to be in its final stage of operation after which it will cash out funds.
Sergey Golovanov, security researcher at Kaspersky, declined to disclose the names of the banks that are being targeted. That makes sense since protecting their privacy and preventing further incursions are priorities. But Sergey did tell WeeTracker any malicious attack could end up being very costly to these banks. “In some cases, the score sometimes reaches millions of dollars,” he said.
The Silence Group is not a new cult in town. They have been in the hacking neighborhood long enough to develop some of the most efficient tactics there are. On the back of being one of the most active Advanced Persistent Threat (APT) actors around the world, they have been able to successfully orchestrate a number of bank-focused campaigns.
According to McKinsey, in terms of size, Africa’s current banking market is approximately USD 86 Bn in revenues before risk cost. The projected growth for the continent’s banking-revenue pools of 8.5 percent a year between 2017 and 2022 will bring the total to USD 129 Bn.
Recent Sightings
Group-IB – a Singapore-based cybersecurity firm – says the Silence Group is substantially expanding its geography. The group, reportedly Russian, has stolen funds now estimated at USD 4.2 Mn. Most of the attacks have been outside Africa, but there’s an obvious reason the group is now making inroads – the region has less cybersecurity investment.
A 2019 report, “Silence 2.0: Going Global”, identified that Silence has made a number of changes to its TTPs and enhanced its arsenal, as a result of being in the spotlight of security researchers for some time now.
Until recently, the group’s activity appears to have been mainly confined to Russia and some countries within the so-called CIS or SF2, a group of former Soviet Union states that include Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Tajikistan, Turkmenistan, Ukraine and Uzbekistan.
Banks queried by WeeTracker regarding the trend would not comment on the issue, most of them citing that such information is, agreeably, classified. However, it is common knowledge that these banks are from time to time threatened by cyber criminals. Judging from their responses, the Silence Group is anything but a myth.
Sergey said: “The Silence group has been quite productive in the past years, as they live up to their name; their operations require an extensive period of silent monitoring, with rapid and coordinated thefts”.
Organized Attacks
Kaspersky told WeeTracker that it noticed a growing interest of this actor group in banking organisations in 2017 and since that time the group has constantly been developing – expanding to new regions and updating their social engineering scheme. Typically, the Silence Group’s attacks begin with a social engineering scheme.
They send a phishing email imbued with malware to a bank employee. Like a virus, the malware spreads from the staff’s inbox into the bank’s security perimeter, where it stays out of sight for a while. While lying low, the malware gathers information on the victim organization by taking screenshots and video-recording the platform’s daily activities – ultimately learning how things work.
“Once attackers are ready to take action, they activate all capabilities of the malware and cash out using, for example, ATMs. The score sometimes reaches millions of dollars,” says Sergey.
“Banks remain a high priority target for APT hacking groups. We urge all banks across the globe to stay vigilant, as apart from the large sums of money, the Silence group also steal sensitive information while monitoring the banks’ activity as they video record screen activity”.
Cyber Provisions
That cybersecurity venture investments in Africa remain a dream does not mean measures have not been taken to improve the online security of organizations. Nigeria, for instance, passed the Cybercrime (Prohibition, Prevention, Etc.) Act (“the Act”) in 2015.
The Act spells punishment for specific actions such as cybersquatting, cyberstalking, identity theft, unlawful access to a computer (popularly called hacking), cyber terrorism, racism and xenophobic crimes. While this is a welcome development, the Act does not provide assistance to organizations in terms of essential information on how to structure a cybercrime-proof business.
In August 2018, Egypt signed a cybersecurity law into being, allowing the government to block websites and set jail sentences for any cyber-related offence committed in the country. About two months later, the law was ratified to fight extremist and terrorist organizations that use the internet to promote their ideas among youth.
Inasmuch as there are other cybersecurity laws provided in other African countries, busting a group of anonymous hackers doesn’t come easy. Judging from their experience and achievements in other parts of the world, there couldn’t be a better time for better practices.
The Silence Group is not the first APT hacking group to target financial institutions. Carbanak, back in 2015, reportedly carted away USD 1 Bn from dozens of banks across the globe. There’s also Lazarus, the notorious group allegedly responsible for stealing USD 81 Mn from the Central Bank of Bangladesh in 2016.