Récemment, la banque centrale de Russie annonçait une tentative de vol 2.87 milliards de roubles appartenant à des institutions financières russes. Selon le rapport de la banque (CBR), AWS CBC (Automated Working Station of the Central Bank Client software) a été attaqué. Certaines personnes ont supposé à tort que la banque centrale de Russie était la cible principale de l'attaque.
« La confusion est née du fait des publications affirmant que la banque centrale de Russie était victime de ce vol. Cependant, au cours des attaques utilisant AWS CBC, il s'est avéré que l'argent volé appartenait aux banques utilisant ce service et par conséquent qu'il ne s’agissait pas de celui de la banque centrale, » explique Jean-Ian Boutin, Malware researcher chez ESET.
Les attaques utilisant AWS CBC font partie des nombreux types d'attaques répertoriés par ESET dans cette étude. « Nous présentons également des attaques sur des distributeurs automatiques de billets, les systèmes de traitement des cartes bancaires, les terminaux SWIFT et commerciaux, » conclut Jean-Ian Boutin.
Le rapport d’ESET sur les attaques actuelles contre les institutions financières de Russie est disponible en cliquant ici.
Consulter également l’article disponible sur WeliveSecurity (extraits)
Cybercrime services for the highest bidder
The services sales model represents the natural evolution of the offer into a market that is responding to a constantly growing demand. This means that IT threat developers, as well as those monetizing stolen data or kidnapping data, have begun to extend their portfolios, activities, and operations into a market that is requesting this type of service, whether it be to affect companies, industries, users, or even governments.
In the cybercrime arena, one of the industries most affected by fraud is banking. A significant number of threats in the digital era have been developed to generate losses for the users, mainly in the credit and debit card sector, although fraud is not only limited to this transaction option.
Similarly, the range of threats goes from stealing cards, skimming and social engineering to attacks by phishing, and malware such as PoS (Point of Sale) and banking trojans – all with the intention of obtaining banking data. In this context, fraud as a service can be offered, from the sale of tools to carry out skimming to malicious codes especially developed to steal financial data, such as Zeus.
Additionally, some years ago malicious code began to be offered as a service, developed for specific activities and in parallel with exploit kits. Once they have infiltrated systems via vulnerabilities, they can insert malware tosteal data and passwords, spy on users’ activities, send spam, and access and remotely control the infected equipment using an entire command and control (C&C) infrastructure.
This same principle has been used to begin to propagate ransomware, that is, malicious code designed to kidnap files or systems and ask for a payment to retrieve them, thus taking the principle of extortion, as applied to the digital environment, to a new level. Exploit kits or botnets such as Betabot have begun to diversify their malicious activities.
The main idea of ransomware as a service focuses on the fact that the people who develop this threat are not those who propagate it – their task is limited to developing tools that are capable of generating this type of malware automatically. Consequently, a different group of individuals is involved in using these tools to create than the group propagating it, whatever their skills or technical knowledge.
In this business model, both the developers of the tools for generating ransomware and the individuals who distribute it enjoy financial gains, in a “win-win” relationship. A well-known example of ransomware as a service is Tox.
In the same context, attacks can be offered as a service. For example, different attacks such as distributed denials of service (DDoS) may be the result of a large number of infected systems belonging to a botnet, which are offered and hired out so that this type of attack can be carried out. Moreover, they can be used to propagate more malicious code, send unwanted mass mails, or even be used to mine bitcoins.