Russian Banks attacked by “BlackEnergy” Exploitation Kit
The US is not the only country facing constant hacking attacks. According to an article on The Register, banks in Russia and the Ukraine are also under heavy attack by cyber crime gangs:
The attacks are being carried out with the help of a top-to-bottom revision of BlackEnergy, a popular hack-by-numbers toolkit that until recently was used primarily to launch DDoS, or distributed denial-of-service, attacks. Eastern European criminal gangs are using the expanded capabilities of BlackEnergy 2 to siphon funds out of electronic bank accounts and then assault the financial institutions with more data than they can handle, said Joe Stewart, a researcher with security firm SecureWorks’ Counter Threat Unit.
The first version of BlackEnergy was mostly a denial-of-service tool. It gained notoriety when the Russians used it during the invasion of Georgia in 2008. It has since been modified to attack banking applications: BlackEnergy 2 masks its fraudulent transfers behind a denial-of-service attack. According to eWeek:
“The one thing about BlackEnergy’s diving into cyber-fraud is that it’s also got these DDoS capabilities, and what this criminal group is doing is they’re using this banking plug-in to steal authentication credentials and then they are turning around and launching denial of service attacks against the same banks that use this authentication system. So it would seem that what they’re doing is logging into the accounts and transferring money, and then launching an attack against the bank to distract them perhaps from being able to notice these transactions have occurred, or if they are getting notified, they are paying more attention to this denial of service attack that’s taken all of their customers offline.”
It used to be that denial-of-service attacks were just a hindrance. Now it is a common tactic for attackers to use a denial-of-service attack to cover up a deeper, more damaging penetration. The IT department focuses on the denial-of-service attack and tries to restore connectivity. In the meantime, the real attack may slip through intrusion detection systems undetected in the flood of packets.
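As an added illustration (not code from the article, SecureWorks or eWeek), here is the kind of correlation check a bank's security team could run so that the flood does not bury the fraud: transfers to never-before-seen destinations that land inside a flood window are escalated as the priority event rather than parked behind the outage. The timestamps, thresholds and account IDs are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry: per-minute inbound packet rate at the bank's
# edge, and outbound transfers submitted through online banking.
TRAFFIC = [  # (minute, packets per second)
    ("2010-03-05T10:00", 12000), ("2010-03-05T10:01", 11800),
    ("2010-03-05T10:02", 250000), ("2010-03-05T10:03", 310000),
    ("2010-03-05T10:04", 290000), ("2010-03-05T10:05", 13000),
]
TRANSFERS = [  # (timestamp, account, amount, destination seen before?)
    ("2010-03-05T09:58", "acct-1041", 420.00, True),
    ("2010-03-05T10:02", "acct-2207", 9800.00, False),
    ("2010-03-05T10:03", "acct-1041", 9600.00, False),
    ("2010-03-05T10:04", "acct-3390", 75.00, True),
]
BASELINE_PPS = 12000   # assumed normal inbound rate
FLOOD_FACTOR = 5       # anything above 5x baseline is treated as a flood

def ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M")

def flood_windows(traffic, baseline, factor):
    """Return [(start, end)] intervals where the inbound rate exceeds
    factor * baseline. Adjacent flood minutes are merged into one window."""
    windows = []
    for t, pps in traffic:
        if pps > baseline * factor:
            start = ts(t)
            end = start + timedelta(minutes=1)
            if windows and windows[-1][1] >= start:
                windows[-1] = (windows[-1][0], end)   # extend current window
            else:
                windows.append((start, end))
    return windows

def transfers_under_cover(transfers, windows):
    """Transfers to an unfamiliar destination issued while a flood is in
    progress: the pattern described above, where the DDoS is the distraction
    and the money movement is the real event."""
    hits = []
    for t, acct, amount, known_dest in transfers:
        when = ts(t)
        in_flood = any(s <= when < e for s, e in windows)
        if in_flood and not known_dest:
            hits.append({"account": acct, "amount": amount, "at": t})
    return hits

def escalations():
    return transfers_under_cover(
        TRANSFERS, flood_windows(TRAFFIC, BASELINE_PPS, FLOOD_FACTOR))
```

With the constructed data the flood runs from 10:02 to 10:05 and two transfers inside it go to unfamiliar destinations, so those two are escalated while the routine 10:04 payment is not.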
I just find it interesting that a weapon that Russia used to attack another nation has been turned against itself. Does anyone else see this as ironic?