Experts from Kaspersky Lab and Sberbank, one of the largest banks in Russia, worked closely with the Russian law enforcement agencies under investigation for gang Lurk, which led to the arrest of 50 people. The detainees are suspected of involvement in the creation of the infected computer network used to steal more than $ 45 million from banks, other financial institutions and companies. The practice lasted from 2011. It is the largest in the history of the arrest of hackers, which took place in Russia.
In 2011. Experts from Kaspersky Lab detected the activity of an organized gang underground economy, which used the Trojan Lurk – sophisticated, versatile and multi-module malicious software with broad functionality – in to gain access to victim machines. In particular gang is looking to come to the remote banking services to steal money from the accounts of customers.
“Our experts participated in the investigation of law enforcement agencies on gang Lurk from the outset. Early on we knew that Lurk is a group of Russian hackers, which poses a serious threat to organizations and users. Lurk began to attack banks and a half years ago – earlier goal of this malicious software systems were different companies and customers. We analyzed this malware and hacker identified belonging to a network of computers and servers. Armed with this knowledge, the police could identify the suspects and collect evidence of crimes committed. We are pleased that we could contribute to bring further criminal court “- said Ruslan Stoyanov, chief. Studies of incidents of computer, Kaspersky Lab.
During the arrest the Russian police He managed to avoid making false money transfers worth more than 30 million registered dollars.
Lurk Trojan
In order to spread malware group Lurk has infected a number of legitimate websites, including leading media and information services. Infection was used vulnerabilities in servers, which were attacked party. It was enough that the victim visited an infected site to the computer has been infected with Trojan Lurk. Once inside the computer worm began downloading additional modules, which allowed him to steal the victim’s money.
Party media were not the only non-financial objective of this group. To hide their tracks using a VPN connection, the criminals broke into the well to a variety of IT and telecom companies, using their servers in order to preserve anonymity.
Trojan Lurk distinguished by the fact that the malicious code is not stored on disk the infected computer, but only in RAM. Moreover, its creators have tried to the greatest extent possible solutions make it difficult to detect virus threats. To do this, they have used various VPN services, an anonymous network Tor, modified points Wi-Fi connectivity and servers belonging to the victim organizations IT.
Experts sensitize the company to pay more attention to its protection mechanisms and regularly carry out safety checks IT infrastructure. Extremely important it is also to impress upon employees the basics of responsible behavior on the Internet.
In addition, companies should implement security measures that will allow them to detect targeted attacks. The best strategy is to complement the approach to risk prevention mechanisms threat detection and response. Even the most sophisticated targeted attacks can be identified on the basis of unusual activity in comparison with the usual business processes.
No comments:
Post a Comment