{"id":131095,"date":"2016-02-08T16:08:19","date_gmt":"2016-02-08T16:08:19","guid":{"rendered":"https:\/\/bm.dev.synology.me\/?p=131095"},"modified":"2016-02-08T16:08:19","modified_gmt":"2016-02-08T16:08:19","slug":"bancile-se-confrunta-cu-noi-atacuri-cibernetice","status":"publish","type":"post","link":"https:\/\/bm.dev.synology.me\/?p=131095","title":{"rendered":"Banks face new cyber attacks"},"content":{"rendered":"<p>\nA year after Kaspersky Lab warned that cybercriminals would begin to adopt, in order to rob banks, the tools and tactics originally used by state-backed APT (Advanced Persistent Threat) groups, the company has confirmed the return of Carbanak under the name Carbanak 2.0 and has exposed two other groups operating in the same style: Metel and GCMAN. They attack financial organizations using APT methods and custom malware, together with legitimate software and innovative ways of stealing money.<\/p>\n<p>\nThe Metel cybercriminal group has many techniques in its repertoire, but it is especially interesting for one particularly clever mode of operation: its members gain control over machines inside a bank that have access to cash transactions (e.g. the bank's call center, the computers that provide technical support) and, in this way, the group can automatically perform a rollback &#8211; interrupting ATM transactions and reverting them to the previous state.<\/p>\n<p>\nThrough the rollback, the balance on the debit cards stays the same, regardless of the number of ATM transactions made. 
In the cases identified so far, the criminal group steals money by driving through cities in Russia at night and emptying the ATMs of several banks, each time using the same debit cards issued by the bank whose system was compromised. In this way they manage to obtain the money in the course of a single night.<\/p>\n<p>\n\u201cNowadays, the active phase of a cyber attack is getting shorter. When attackers become skilled in a particular mode of operation, it takes them only a few days or a week to get what they want and run\u201d, says Sergey Golovanov, Principal Security Researcher at Global Research &#038; Analysis Team, Kaspersky Lab.<\/p>\n<p>\nDuring the investigation, Kaspersky Lab experts discovered that Metel members achieve the initial infection of a system through specially crafted phishing emails with malicious documents attached, and through the Niteris exploit kit, which targets vulnerabilities in the victim's browser. Once inside the network, the cybercriminals use legitimate tools and vulnerability testing (pentesting) to move forward, gaining access to the local domain controller and, ultimately, locating and gaining control over the computers used by the bank employees responsible for card processing.<\/p>\n<p>\nThe Metel group is still active, and the investigation into its activity is ongoing. So far, no signs of attacks carried out outside Russia have been identified. 
Still, there are grounds to suspect that its activity is much more widespread, and banks around the world are advised to check whether they have been infected.<\/p>\n<p>\nWhen it comes to stealth, however, the GCMAN group goes even further: sometimes it can successfully attack an organization without using any malware, relying only on legitimate and vulnerability-testing tools. In the cases identified by Kaspersky Lab experts, they saw the group moving inside the network until the attackers found a machine that could be used to transfer money to e-currency services without alerting other banking systems.<\/p>\n<p>\nIn one of the attacks, the cybercriminals stayed connected to the network for a year and a half before triggering the theft. The money was transferred in amounts of approximately 200 dollars, the upper limit for payments that can be made anonymously in Russia. Every minute, the Cron scheduler triggered a malicious script and another amount was transferred to e-currency accounts belonging to an intermediary. The payment orders were sent directly, without showing up anywhere in the bank's internal systems.<br \/>\nCarbanak 2.0 marks the return of the Carbanak APT group, with the same tools and techniques but a different victim profile and innovative ways of obtaining money.<\/p>\n<p>\nIn 2015, the targets of Carbanak 2.0 were not only banks but also the budgeting and accounting departments of any organization of interest. 
In one of the examples studied by Kaspersky Lab, the Carbanak 2.0 gang broke into a financial institution and managed to alter the credentials held by a large company. The information was modified so that it named one of their intermediaries as a shareholder of the company, displaying that person's ID.<br \/>\n&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A year after Kaspersky Lab warned that cybercriminals would begin to adopt, in order to rob banks, the tools and tactics originally used by state-backed APT (Advanced Persistent Threat) groups, the company has confirmed the return of Carbanak under the name Carbanak 2.0 and has exposed two other groups operating in the same style: Metel [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[510],"tags":[10653,363,236,7267,8926,82,7820,272,32575,11056,30370,16943,14834,7543,7287],"class_list":["post-131095","post","type-post","status-publish","format-standard","hentry","category-actualitate","tag-atac","tag-atacuri","tag-banca","tag-banci","tag-bancomat","tag-bani","tag-carduri","tag-companie","tag-controlul","tag-financiar","tag-grupare","tag-infractori","tag-metode","tag-retea","tag-sistem"],"_links":{"self":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/posts\/131095","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bm.dev.synolo
gy.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=131095"}],"version-history":[{"count":0,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/posts\/131095\/revisions"}],"wp:attachment":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=131095"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=131095"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=131095"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}