that aimed to deliver a tool used by the Silence group of hackers . The group is believed to have a background in legitimate infosec activities and access to documentation specific to the financial sector . The fraudulent emails purported to comeAttack.Phishingfrom the Central Bank of Russia ( CBR ) and contained a malicious attachment . The message body luredAttack.Phishingthe recipients to open the attachment in order to check the latest details on the `` standardization of the format of CBR 's electronic communications . '' Email authentication mechanism saves the day International cybersecurity company Group-IB investigated the attack and noticed that the style and format of the fake communication were very similar to the official CBR correspondence . This supports the theory that the attackers had accessAttack.Databreachto legitimate emails from CBR . If Silence hackers have any ties with the legal side of reverse engineering and penetration testing , it is very likely that they are familiar with the documentation used by financial institutions and with how banking systems work . In a report published today , Group-IB says that the attackers spoofedAttack.Phishingthe sender 's email address but the messages did not pass the DKIM ( DomainKeys Identified Mail ) validation . DKIM is a solution specifically designed to prevent forged email addresses by adding to the message a signature that confirms its authenticity . Banks see more spear-phishingAttack.Phishingfrom a different group The Silence hackers are not the only ones trying their spear-phishingAttack.Phishinggame on Russian banks . On October 23 , another notorious group , MoneyTaker , ran a similar campaign against the same type of targets . Their message spoofedAttack.Phishingan email address from the Financial Sector Computer Emergency Response Team ( FinCERT ) and contained five attachments disguised asAttack.Phishingdocuments from CBR . `` Three out of five files were empty decoy documents , but two contained a download for the Meterpreter Stager . To carry out the attack , hackers used self-signed SSL certificates , '' says Rustam Mirkasymov , Group-IB Head of Dynamic Analysis of malware department and threat intelligence expert . These clues , along with server infrastructure associated with the MoneyTaker group , allowed the security experts to identify the perpetrator . As in the case of Silence , this attacker is also thought to have had accessAttack.Databreachto CBR documents , most likely from compromised inboxes of Russian banks employees . This allowed them to craftAttack.Phishingmessages that would pass even eyes trained in spotting fraudulent emails . Silence and MoneyTaker are the most dangerous threats to banks According to Group-IB , multiple groups use the Central Bank of Russia in spear-phishingAttack.Phishingoperations , and for good reason , since the organization dictates regulations to financial institutions in the country and maintains a constant communication flow with them . Mirkasymov says that Silence and MoneyTaker are the most dangerous of all groups that threaten financial organizations . Referring to the latter , the expert says that its repertoire also includes drive-by attacks and testing the network for vulnerabilities . The goal is to access the internal nodes that enable them to withdraw money from ATMs , process cards or interbank transfers . Although Silence uses mainly phishingAttack.Phishing, they are more careful about craftingAttack.Phishingthe message , paying attention to both content and design , adds Group-IB 's threat intelligence expert .
Robotics & Automation News Market trends and business perspectives January 5 , 2017 by Mark Allinson A globally co-ordinated cyber attack has hit 500 industrial companies in 50 countries in the past few months , according to security company Kaspersky . The worst affected were companies in the smelting , electric power generation and transmission , construction , and engineering industries . The attacksAttack.Phishingtake the form of emails purportedly fromAttack.Phishingfamous companies – such as DHL and Saudi Aramco – and most were sentAttack.Phishingfrom “ legitimate email addresses belonging to valid organizations ” , says Kaspersky . However , Kaspersky says its analysis of the emails compared to known malware shows that “ no new code was written specifically for this attack ” . Kaspersky says the hackers could have accessedAttack.Databreachand read previous communications between the target and their partners . They may then have used this information to craftAttack.Phishingemail communications which appear to be legitimate , so that the victim didn ’ t recognize the malicious aspect of the email . If the email is opened , it can stealAttack.Databreachthe user ’ s authentication credentials , which are send to a remote server .