The Silence hacking crew, mostly attributed to a group of very crafty Russian hackers, has struck again, pulling in over $3 million in cash from ATMs.
At least 3 banks have been attacked in the latest campaign, with Dutch Bangla Bank being the largest. The criminal hackers first compromised the bank’s card management infrastructure, then undermined the integrity of the approval systems, allowing co-conspirators to use bank ATMs to withdraw large sums of cash totaling over $3 million.
This hacking crew originated in Eastern Europe around 2016 and first started attacking financial institutions in Russia, Ukraine, and Poland before expanding into the Asia Pacific region. Banks in India, Bangladesh, and Sri Lanka are the most recent targets.
Silence is considered a top-tier cyber-criminal group. Their methods are technically sophisticated and they operate with a good degree of patience. There is speculation they may have deep experience in penetration, reverse engineering, application development, and even security practices.
With custom software, effective hacking skills, and a network of money mules, this band is able to victimize banks at incredible levels. Their success in stealing large sums of cash will only promote more attacks.
Customers cannot stop such attacks. Because Silence targets the banking and ATM infrastructures, there is little the everyday user can do to protect themselves other than bank with a reputable institution that will actively work to prevent, detect, and respond to such attacks.
From a risk perspective, Silence ranks high among hacking groups. A new breed of highly capable and technically savvy threat groups is emerging. Some are direct appendages of, or supported by, nation states, while others are smart organized criminals looking to leverage the opportunities in the digital world for their own profit. Regardless, these groups are at the forefront of developing stealthy and effective exploits, driving malware capability evolution, and pulling off some of the biggest heists against the financial community. Success allows for reinvestment in tools, capabilities, and reach. This makes them stronger and makes it more difficult for cross-border authorities to track and take down those responsible.
This is not the last we have heard from Silence or others of their ilk. I predict by the end of 2019 we will see a number of significant breaches to APAC banks which will stir great concern across the global financial landscape, affecting both traditional banking as well as emerging cryptocurrency exchanges.
The cybersecurity firm Group-IB has been tracking the activities of the Silence group for several years and has a good write-up of their profile and evolving techniques.