
Kaspersky Lab has published the results of an investigation, lasting more than a year, into the activity of Lazarus, a notorious hacking group allegedly responsible for the theft of $81 million from the Central Bank of Bangladesh in 2016.

During the forensic analysis of artefacts left by the group in South-East Asian and European banks, Kaspersky Lab gained a deep understanding of the malicious tools the group uses and of how it operates when attacking financial institutions, casinos, software developers for investment companies and crypto-currency businesses around the world. This knowledge helped to interrupt at least two other operations that had a single goal: to steal large sums of money from financial institutions.

In February 2016, a group of hackers (unidentified at that time) attempted to steal $851 million, and managed to transfer $81 million out of the Central Bank of Bangladesh. This is considered to be one of the largest and most successful cyber heists ever. Further investigation by researchers from several IT security companies, including Kaspersky Lab, revealed a high likelihood that the attacks were conducted by Lazarus, a notorious cyber-espionage and sabotage group responsible for a series of regular and devastating attacks, and known for attacking manufacturing companies, media and financial institutions in at least 18 countries since 2009.

Although several months of silence followed the Bangladesh attack, the Lazarus group remained active. It had been preparing a new operation to steal money from other banks and, by the time it was ready, already had a foothold in a financial institution in South-East Asia. After being interrupted by Kaspersky Lab products and the investigation that followed, the group was set back for another few months, and later decided to shift its operation to Europe. There too, its attempts were interrupted by Kaspersky Lab's security software detections, as well as by quick incident response, forensic analysis and reverse engineering with support from the company's top researchers.

Lazarus Formula

Based on the results of the forensic analysis of these attacks, Kaspersky Lab researchers were able to reconstruct the modus operandi of the group.

Initial compromise: A single system inside a bank is breached either through remotely accessible vulnerable code (e.g. on a web server) or through a watering-hole attack, with an exploit planted on a legitimate website. Once such a site is visited, the victim's computer (a bank employee's) is infected with malware, which then downloads additional components.

Foothold established: The group then migrates to other bank hosts and deploys persistent backdoors; the malware lets the attackers come and go whenever they want.

Internal reconnaissance: The group subsequently spends days or weeks learning the network and identifying valuable resources. One such resource may be a backup server where authentication information is stored, a mail server, or the domain controller itself, which holds the keys to every "door" in the company, as well as the servers that store or process records of financial transactions.

Deliver and steal: Finally, they deploy special malware capable of bypassing the internal security features of financial software and issuing rogue transactions on behalf of the bank.

Geography and Attribution

The attacks investigated by Kaspersky Lab researchers lasted for weeks. The attackers, however, could operate under the radar for months. For example, during the analysis of the incident in South-East Asia, experts discovered that the hackers had compromised the bank's network no less than seven months before the day the bank's security team requested incident response. In fact, the group had access to that bank's network even before the day of the Bangladesh incident.

According to Kaspersky Lab records, from December 2015 onwards, malware samples relating to Lazarus group activity appeared in financial institutions, casinos, software developers for investment companies and crypto-currency businesses in Korea, Bangladesh, India, Vietnam, Indonesia, Costa Rica, Malaysia, Poland, Iraq, Ethiopia, Kenya, Nigeria, Uruguay, Gabon, Thailand and several other countries. The latest samples known to Kaspersky Lab were detected in March 2017, showing that the attackers have no intention of stopping.

Even though the attackers were careful to wipe their traces, at least one server they breached for another campaign revealed a serious mistake: an important artefact had been left behind. In preparation for the operation, the server was configured as the command-and-control (C&C) centre for the malware. The first connections made on the day of configuration came from a few VPN/proxy servers, indicating a testing period for the C&C server. However, one short connection that day came from a very rare IP address range in North Korea.

According to the researchers, this could mean one of several things:

  • The attackers connected from that IP address in North Korea
  • It was someone else’s carefully planned false flag operation
  • Someone in North Korea accidentally visited the command and control URL
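The artefact described above is a first-day access log on a freshly configured C&C server, with test traffic from known VPN/proxy exits and one short connection from an unusual range. The script below, an added example and not code from Kaspersky Lab or from the report, shows how an incident responder would triage such a log: parse the combined-format lines, keep only the earliest day (the configuration day), group requests by source address, and label each source as known VPN/proxy, as a hit on a watch range, or as something else. The log lines, the VPN/proxy list and the watch range (203.0.113.0/24, a TEST-NET block standing in for the real range, which the report does not publish) are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed access-log excerpt (combined format). Not from the report;
# only TEST-NET addresses are used.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Jan/2016:09:14:02 +0000] "GET /status HTTP/1.1" 200 512 "-" "curl/7.47.0"
198.51.100.9 - - [12/Jan/2016:09:15:40 +0000] "POST /gate HTTP/1.1" 200 88 "-" "Mozilla/5.0"
192.0.2.33 - - [12/Jan/2016:10:02:11 +0000] "POST /gate HTTP/1.1" 200 88 "-" "Mozilla/5.0"
203.0.113.45 - - [12/Jan/2016:11:48:03 +0000] "GET / HTTP/1.1" 200 15 "-" "Mozilla/5.0"
192.0.2.33 - - [13/Jan/2016:08:00:00 +0000] "POST /gate HTTP/1.1" 200 88 "-" "Mozilla/5.0"
"""

# Hypothetical range lists. In a real case the VPN/proxy exits come from
# threat-intel feeds and the watch range from whois/ASN data.
KNOWN_VPN_PROXY = [ip_network("198.51.100.0/24")]
WATCH_RANGES = [ip_network("203.0.113.0/24")]

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        entries.append({
            "ip": ip_address(m["ip"]),
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "request": m["req"],
            "status": int(m["status"]),
        })
    return entries


def first_day(entries):
    """Keep only entries from the earliest date in the log, i.e. the configuration day."""
    if not entries:
        return []
    day0 = min(e["ts"].date() for e in entries)
    return [e for e in entries if e["ts"].date() == day0]


def _in_any(ip, nets):
    return any(ip in n for n in nets)


def triage(entries, vpn_ranges, watch_ranges):
    """Group traffic by source address and label each source."""
    per_ip = defaultdict(lambda: {"requests": 0, "first": None, "last": None})
    for e in entries:
        rec = per_ip[str(e["ip"])]
        rec["requests"] += 1
        rec["first"] = e["ts"] if rec["first"] is None else min(rec["first"], e["ts"])
        rec["last"] = e["ts"] if rec["last"] is None else max(rec["last"], e["ts"])
    for ip_str, rec in per_ip.items():
        ip = ip_address(ip_str)
        if _in_any(ip, vpn_ranges):
            rec["category"] = "vpn_proxy"      # expected operator test traffic
        elif _in_any(ip, watch_ranges):
            rec["category"] = "watch"          # the kind of hit the report describes
        else:
            rec["category"] = "other"          # unexplained; needs follow-up
    return dict(per_ip)


def flagged_sources(triaged):
    """Sources worth an analyst's attention: everything not attributable to known VPN/proxy exits."""
    return sorted(ip for ip, rec in triaged.items() if rec["category"] != "vpn_proxy")


if __name__ == "__main__":
    report = triage(first_day(parse_log(SAMPLE_LOG)), KNOWN_VPN_PROXY, WATCH_RANGES)
    for ip, rec in sorted(report.items()):
        print(f'{ip:16} {rec["category"]:10} requests={rec["requests"]} '
              f'first={rec["first"].isoformat()}')
```

Restricting to the first day matters: once the server is live, victim beacons drown out the operator's own test connections, and a single request from a rare range on day one is exactly the kind of short connection that the three interpretations above (operator slip, false flag, accidental visit) have to account for. Any source labelled other still needs the same scrutiny; it is unexplained, not benign.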

The Lazarus group invests heavily in new variants of its malware. For months it tried to create a malicious toolset that would be invisible to security solutions, but each time, Kaspersky Lab's specialists managed to identify unique features in how the group builds its code, allowing them to keep tracking the new samples. Now the attackers have gone relatively quiet, which probably means they have paused to rework their arsenal.

“We’re sure they’ll come back soon. In all, attacks like the ones conducted by Lazarus group show that a minor misconfiguration may result in a major security breach, which can potentially cost a targeted business hundreds of millions of dollars in loss. We hope that chief executives from banks, casinos and investment companies around the world will become wary of the name Lazarus,” said Vitaly Kamluk, Head of Global Research and Analysis Team APAC at Kaspersky Lab.

Kaspersky Lab products successfully detect and block the malware used by the Lazarus threat actor with the following specific detection names:

  • HEUR:Trojan-Banker.Win32.Alreay
  • Trojan-Banker.Win32.Agent

The company is also releasing Indicators of Compromise (IOCs) and other data to help organisations search for traces of this attack group in their corporate networks. For more information, go to Securelist.com.

We urge all organisations to scan their networks carefully for the presence of Lazarus malware samples and, if any are detected, to disinfect the affected systems and report the intrusion to law enforcement and incident response teams.


CES: So long, and thanks for all the beer!

Last week, the Las Vegas expo showed off its fun side with state-of-the-art technologies for enjoying beer, writes BRYAN TURNER


From craft beer-making machines to robots that pour beer, CES had more beer than usual in Las Vegas last week. And even free beer if you found the right stand. Stampede’s saloon-style booth offered beer to visitors who tried out its latest drones, virtual reality, and other gaming products. No beer tech, though.

Here are some of the beer technologies that stood out:

LG HomeBrew – Craft beer made at home

LG's HomeBrew craft beer-making machine, which debuted at CES 2019, brings the brewing process home thanks to single-use capsules, a self-cleaning feature, and an algorithm optimised for fermentation.

Like a Nespresso coffee machine, the beer maker uses capsules, which contain malt, yeast, hop oil and flavouring. At the press of a button, LG HomeBrew automates the whole procedure from fermentation and carbonation to ageing. A companion app lets users check HomeBrew’s status at any time during the process, from their handsets.

The beer machine not only offers a simple way to make craft beer, but also enhances the quality of beer it makes. The fermentation algorithm intelligently controls the fermenting process with precise temperature and pressure control. It automatically sanitises itself, using nothing more than hot water, ensuring everything is hygienically clean for the next batch.

Designed with discerning beer lovers in mind, HomeBrew allows for in-home production of batches of more than 4 litres of beer in a variety of styles. The following five distinctive, flavoured beers are available now:

  • Hoppy American IPA
  • Golden American Pale Ale
  • Full-bodied English Stout
  • Zesty Belgian-style Witbier
  • Dry Czech Pilsner

The only catch? It takes about two weeks to make, depending on the beer type.

“LG HomeBrew is the culmination of years of home appliance and water purification technologies that we’ve developed over the decades,” said Dan Song, president of LG Electronics Home Appliance & Air Solutions Company. “Homebrewing has grown at an explosive pace, but there are still many beer lovers who haven’t taken the jump because of the barriers to entry, like complexity, and these are the consumers we think will be attracted to LG HomeBrew.”



CES: Alienware gets Legend-ary


At CES in Las Vegas last week, Dell’s Alienware released a family of high-end, thin, light, and affordable machines for both amateur and professional gamers – and a new identity.

Alienware marked CES 2019 as a brand milestone with the debut of a new design identity, Alienware Legend. It aims to set a new bar of excellence for what gamers want most – performance and function. Alienware says it evaluated multiple concepts and chose one that was the biggest and boldest departure from its current look.

Alienware Legend, says the company, stays true to the brand's core design tenets, taking cues from its deep roots in sci-fi culture and its early industrial designs to distinguish the brand from the rest of the industry. The new Legend design is optimised with cutting-edge thermal cooling technology to achieve and sustain overclocking performance, improved AlienFX lighting, and ultra-thin screen borders. Alienware also unveiled a new "three-knuckle hinge" design that reduces the overall dimensions while creating a stronger assembly, all combining to yield a better gaming experience.

“We’re excited to come to this year’s CES with some truly groundbreaking products, next-gen software and strategic partnerships that will bring more people to experience PC gaming and advance the industry,” said Frank Azor, vice president and general manager of Alienware. “The legend design answers the call for more and better from our gaming community, and the new G Series laptops will make PC gaming even more accessible to those looking for high-performance gaming at a cost they can appreciate.”


Copyright © 2018 World Wide Worx