Moscow. The warning comes first-hand: Kaspersky Lab, the largest Russian software manufacturer and one of the world's leading IT security companies, speaks of a "wave of targeted attacks on large banks" in some African countries. Since the beginning of the year, the company has blocked hundreds and sometimes even thousands of attempts every day to attack the infrastructure of banks in Africa, said Kaspersky Lab's chief antivirus program expert Sergei Golovanov.
The attackers are said to be the Russian-speaking hacking group "Silence". Reports of this group first appeared in 2016. Its members have specialized in banks and send virus-infected phishing emails. When these emails are opened, users unintentionally load Trojans onto their computers or cell phones, which then spy on confidential data such as passwords.
According to Golovanov, the hackers used to focus on Eastern Europe, the Asia-Pacific region, and Latin America. Since the end of 2019, however, they have increasingly turned their attention to other targets. At the African banks, Silence has already secured administrator rights on the banks' internal networks, which it is now using to scan the infrastructure for weaknesses. "The attacks are already in their final stages," said Kaspersky Lab.
That should mean that Silence already holds a quantity of confidential customer data from these banks and is now trying to use it for fraud. "The main goal of Silence is the theft of money," confirms Golovanov. Kaspersky estimates that the hackers are trying to steal an average of about $1 million per attack.
Silence is not the only Russian-speaking hacker group that has set its sights on banks: back in October last year, Group-IB, another Russian security software company and a partner of Interpol and Europol, named five groups that were dangerous for Russian banks. In addition to Silence, these were Cobalt, MoneyTaker, Lazarus and SilentCards.
Even then, Group-IB warned that Silence was expanding more and more into international markets and had launched attacks in 30 countries, including in Europe. Silence alone is said to have caused millions of euros in damage back then. According to Group-IB, another hacker group, TA505, also significantly increased its global activities, especially against African banks, at the end of 2019. Group-IB specifically mentions Senegal as one of the countries concerned.
The increase in cybercrime is also noticeable in Russia
Apparently, the hackers are counting on the technological backlog and the corresponding security problems in the region. However, this does not mean that European banks are immune to attacks from Russia. According to Group-IB, many hackers have reoriented themselves in the past year. Russia initially served as a testing ground before the hackers expanded internationally, the company concluded.
The vulnerability of Western security systems was demonstrated not only during the US election, when Russian hackers gained access to Hillary Clinton's mail traffic. The Bundestag has also been the target of an attack. And only last autumn, after an attack on the Austrian People's Party in the local election campaign, the Federal Office for Information Security renewed a warning to German parties and spoke of a "high threat situation in the area of political actors".
German banks were most recently victims of a large-scale attack by international hacker groups in 2014 and 2015. At that time, criminals are estimated to have stolen $1 billion in attacks on around 100 banks in 40 countries. The scheme was simple: the perpetrators sent phishing emails to bank employees. As soon as they opened the emails, the malware installed itself on the bank servers. In addition, the perpetrators managed to loot accounts and ATMs. A leader of the hacking group Cobalt was arrested in Spain two years ago.
Just a week ago, a hacker attack paralyzed the websites of many savings banks and of DKB, the second-largest German direct bank. Both the banks and the supervisory authority fear that a large-scale hacker attack would shake the financial market significantly.
In early 2019, the US security company CrowdStrike compiled a ranking of the fastest and most sophisticated hackers. Russia once again led the list. Skillful Russian hackers need only 18 minutes to spread across a network after infecting a computer.
Russia itself is also experiencing an increase in cybercrime, albeit less in the banking sector because financial institutions have become more secure. Overall, online crimes have increased by around 70 percent compared to 2018, according to the industry news outlet CNews. CNews quotes the Home Office's nine-month figures, according to which over 200,000 cybercrimes have been committed across Russia. The damage is estimated at an average three-digit million amount in euros.
At least the clearance rate is also increasing. From January to September 2019, the Russian police found 14,200 criminals in this area. According to the Home Office, the clearance rate has increased by 50 percent. However, IT experts are convinced that just a quarter of all crimes are solved; in most cases, those affected do not even go to the police because the damage is low.