A newly-found group of cyber hackers conducted targeted attacks and espionage over 12 months and collected millions of dollars.
The group, named ‘Anunak’, targeted payment systems and banks in Russia and former CIS countries. The group had breached more than 50 banks in Russia, 5 payment systems and 16 retail companies, according to joint research by Fox-IT (based in the Netherlands) and Group-IB (based in Moscow).
Criminals mainly focused on retail networks and mass media resources in Latin America, the USA and Europe. According to the researchers, more than $15 million in total has been stolen by the hacking group, most of it during the past 6 months.
The report said Anunak had previously conducted common financial fraud, such as stealing from corporate and consumer banks in Russia and Europe. In 2013, the group moved to a new location, attacking internal systems at electronic payment systems and banks in the former Soviet bloc and Russia. Some even stated the group was behind the data breach at Staples, and earlier payment card breaches at Bebe and Michaels.
“The anti-fraud measures employed by banks have pushed the criminals to search for new ways to make money with less barriers.”
“Compromising and modifying or taking data from banks, payment providers, retail and media/PR companies are some of these methods,” said the report.
The report further stated that the hackers used a mixture of banking Trojans, backdoor malware and botnets to breach internal networks, especially in the banking industry. The attack method represents a shift away from the traditional methods of attacking the banking sector.
Having gained access to the internal networks, the hackers took control of the PCs of IT specialists and system admins, and then recorded their actions to understand how work was organized within the company.
Also, by taking over email communications, they could monitor internal happenings, and they used remote control programs to monitor the compromised network. The hacking group also installed malware in ATM management systems to generate money through future requests.
“Anunak has capabilities which pose threats across multiple continents and industries. It shows there’s a grey area between APT and botnets. The criminal’s pragmatic approach once more starts a new chapter in the cyber-crime ecosystem,” said Fox-IT’s general manager and SVP, Andy Chandler, in a press statement.
The report highlighted the average time it took Anunak to steal money after gaining access to an internal network: 42 days.
Beefing up security against hacking groups
The report stated that hackers utilized a combination of botnets, backdoor malware and Trojans to gain access to internal networks in the banking sector. Banks and other financial institutions can consider the option of Massive Strixus Global and other similar solutions to implement counter-measures and proactive strategies that not only safeguard their internal networks but also protect the integrity of their overall digital infrastructure.
As for retailers, they can leverage threat intelligence feeds that notify them when a payment card system is breached, as well as alert them to what kind of data was attacked when a breach took place. While such solutions aren’t a silver bullet against attacks such as those conducted by the Anunak hacking group, they can greatly mitigate the damage and, in some cases, enable organizations to respond before the damage is done.