A new wave of cyberattacks targeting banks and energy companies has been recorded in Russia. Employees of these organizations are receiving numerous phishing emails with infected links; clicking them can lead to data theft from the computer.
It is reported that the malicious message contains an office document. The victim clicks on it and is taken to the text-hosting service Pastebin, from which images are downloaded from the Imgur service; these images in turn contain malicious code. With it, attackers can steal secret files, withdraw funds, or install spyware on the user's computer.
“Since the chain consists of four stages, the protection tools that companies use cannot detect it; they are designed for shorter activity of malware,” explained Igor Zalevsky, head of the center for the investigation of cyber incidents of JSOC CERT Rostelecom-Solar.
The company said that about 60% of phishing emails were received by employees of the energy sector, but 80% of all attacks turned out to be aimed at banks.
Zalevsky added that the attack is similar to the activity of the hacker group Silence, which specializes in credit organizations. It is possible that the group decided to expand the scope of its activities, or that completely different hackers are copying the behavior of Silence.
Group-IB confirmed that the attack recorded by Rostelecom-Solar was previously carried out in the banking sector.
Information security experts said that in 2020, energy companies will become the “main targets” for cybercriminals.
Andrey Arsentyev, head of Analytics and special projects at InfoWatch group, agrees with this assessment; he called the energy sector one of the “most attacked” in recent years. According to Denis Kuvshinov, a leading specialist of the PT Expert Security Center Positive Technologies cyber threat research group, the main goal of cybercriminals targeting the energy sector is industrial espionage, as well as the impact on critical infrastructure.