Posted on February 27, 2020 at 5:35 PM
Reports reveal that Australian banks are the targets of suspected DDoS attacks. According to the nation’s cybersecurity unit, the attackers are demanding a ransom to stop the threat.
Hacking group Silence linked to the threat
Attackers who call themselves Silence, after the Russian APT hacker group, have already been linked to the threat. The group is known for its attacks on financial institutions and banks.
The Australian Cyber Security Center (ACSC) said it could not verify the affiliation claims of the hacker group. However, it mentioned that the Australian banking sector had received a lot of threats.
On Tuesday, the ACSC said, “The ACSC is aware of a number of DoS for ransom threats being made against Australian organizations, primarily in the banking and finance sector.”
It further stated that the hacking group sent its threats via email, warning recipients of an impending DDoS attack if they did not pay a certain amount in the Monero cryptocurrency.
However, there has not been any reported incident of a DDoS attack on the banks or any financial institution, the ACSC says.
Attackers have significantly improved their operations
Group-IB, a cybersecurity company based in Singapore, has extensively researched Silence. In August last year, the firm said that the hacker group had expanded its operations and increased its efficiency when it comes to cyber-attacks.
At first, Silence limited its activities to post-Soviet states and neighboring countries. However, Group-IB said the group has now expanded not only in operations but in geographical targets as well.
The attacking group made use of phishing emails to raid its victims’ systems. It also tested the validity of the email addresses through email campaigns.
In addition, the attackers, while remaining unnoticed, got information from a targeted firm about its cybersecurity solutions. Once they had this information, they devised means to penetrate its systems and hit them with DDoS attacks.
However, Group-IB’s head of dynamic analysis, Rustam Mirkasymov, said the group initially did not operate through ransom DDoS. He reiterated that the initial operational method of Silence was to perpetrate attacks on ATMs through processing cards. According to him, DDoS may be a new area the group is exploring.
He further pointed out that Silence’s geographical operational scope has expanded to other Asian countries, but they do not have any presence in Australia.
The threat may not come from Silence APT
The cybersecurity firm said it has been monitoring the activities of the syndicate for the past four years. Given the firm’s knowledge of the group’s activities and operational methods, it considers it highly unlikely that the recent ransom DDoS campaign seen in Australia came from the Silence APT.
According to Group-IB, the ransom DDoS attack method is very different from the usual attack methods of the Silence group.
Mirkasymov reiterated that the name of a hacking group like Silence has been used in the past to warn people of an impending attack. He said that in October last year, the Group-IB team discovered a heavy campaign dispersing similar information about an impending DDoS attack to intimidate victims within the banking and financial sector.
The attackers posed as the infamous Fancy Bear and warned the banking community of an impending DDoS attack unless a ransom is paid.
Banks have security framework for DDoS threat
The DDoS attack is one of the most common attack methods, particularly in the banking and financial sector. It sends an enormous amount of data or traffic to the network, thereby giving the system too much to handle. As a result, the system or network crashes due to overload.
Although this type of attack can have a severe negative impact on smaller organizations, larger institutions like banks and other major financial institutions have the defenses to significantly reduce its impact.
However, even the slightest disruption can have a negative impact on customers, since banking is a service sector with a strong emphasis on customer satisfaction.
Even the slightest amount of downtime due to DDoS attacks can cause friction with customers and draw a lot of attention.