Reports have surfaced that at least 10 financial institutions have been hit with a new strain of banking Trojan spread by an alleged Russian-speaking cybercrime group codenamed “Silence”. Analysis released today by Kaspersky Lab said the cyber-criminals are using tactics similar to another gang – known as Carbanak – in a sophisticated plot to steal millions in cash. Ryan Wilk, Vice President at NuData Security commented below.
Ryan Wilk, Vice President at NuData Security:
“Banking Trojans are designed to capture any banking information they can get their hands on. The Silence Trojan in particular does that a bit differently: it takes repeated screenshots of the user’s desktop creating a real-time pseudo-video stream with the bank employee’s activity. To protect customers from the subsequent account takeovers, banks need to render banking credentials valueless to the hacker by implementing a layered security defence.
“Techniques such as passive biometrics and behavioural analysis correctly identify a customer without relying on their credentials. These new technologies are based on observed consumer behaviour over the lifecycle of their interactions, and not simply on a password or a security question.
“The Silence group was able to monitor the infected computers and look at the credentials and the information that was being submitted. With a layered authentication, hackers are still able to install the Silence Trojan and monitor computers to steal passwords and credentials but they are not able to use them to finalise a transaction – the hacker can’t replicate the additional layer that verifies the real user’s inherent behaviour. This is why validating the user behind the device through a multi-layer strategy is key to devaluing stolen identity data. Rendering personally identifiable information useless will restore the trust on customers and financial institutions.”