Tuesday, Jan 21st

Russian hacking group targets Sub-Saharan Africa banks

Researchers from Kaspersky Lab have reported thousands of notifications of attacks on major banks in Sub-Saharan Africa.

The malware used in the attacks indicates the threat actor is most likely to be the notorious Silence hacking group, infamous for the theft of millions of dollars from banks around the world.

The attacks have been attributed to this group because the malware used in this latest incident was previously used solely in its operations. Moreover, the malware is in Russian, although the threat actor attempted to partly disguise this fact by typing Russian words using the English keyboard layout.

The Silence group is one of the most active advanced persistent threat actors. Its modus operandi begins with a social engineering scheme: a phishing e-mail containing malware is sent to a bank employee.

Following this, the malware gets inside the bank's security perimeter and lies low for a while, performing reconnaissance on the target organisation by capturing screenshots and making video recordings of the daily activity on the infected device to learn how things work within the organisation. Once the bad actors are ready to take action, they activate all capabilities of the malware and cash out using, for example, ATMs. The score sometimes reaches millions of dollars.

The first attacks were detected in the first week of January and indicated that the threat actor is about to begin the final stage of the operation and cash out the funds. The attacks are ongoing and persist in targeting large banks in several Sub-Saharan African countries.

Sergey Golovanov, security researcher at Kaspersky, says the Silence group has been active over the past few years, and lives up to its name.

"Their operations require an extensive period of silent monitoring, with rapid and coordinated thefts. We noticed a growing interest of this actor group in banking organisations in 2017, and since that time, the group would constantly develop, expanding to new regions and updating their social engineering scheme."

Kaspersky detects the malware used in the operation as HEUR:Trojan.Win32.Generic and PDM:Exploit.Win32.Generic, and urges all banks to stay vigilant. Apart from large sums of money, the Silence group also steals sensitive information by video recording screen activity.

Russian hacking group targets Sub-Saharan Africa banks Published on 14 January 2020

Kaspersky Lab reports thousands of notifications of attacks on major banks in Sub-Saharan Africa.