
Financial institutions need to better protect themselves


February 21, 2017

Details are still sketchy for now, but it looks like the cybercrime group RTM could be deploying complex malware based on the Delphi programming language to better target Remote Banking Systems (RBS), a type of business software used to make bulk financial transfers.

The issue was severe enough to warrant an advisory late last year from FinCERT, the Russian CERT responsible for fighting cybercrime targeting Russian banks and financial institutions.

Specifically, RTM uses its malware to spy on victims in several ways, including monitoring keystrokes and smart cards inserted into the infected systems, according to security software firm ESET.

The malware allows continuous monitoring of banking-related activities and can also upload files from the compromised system to its command-and-control (C&C) server.

"The malware actively searches for export files common to popular accounting software mainly used in Russia," said Ian Boutin, a malware researcher at ESET.

The targeted files are associated with the popular accounting software "1C: Enterprise 8" and are of interest because they can contain the details of bulk bank transfers, an intermediate step before the RBS executes the payment orders.

The criminals can edit these text files to change the recipient account details, so that the victim unwittingly sends funds to an account controlled by the group, likely held by its low-level members.

RTM, which ESET says has been active since 2015, isn't exactly the first group to pursue this method of attack. Others like Buhtrap and Corkow have also targeted RBS users in the past, slowly building an understanding of the network and building custom tools to steal from corporate victims.

RTM is another manifestation of a growing trend in cybercrime: specialized criminals mounting targeted attacks against the clients of financial institutions.

RTM's victims are largely located in Russia and surrounding areas but other groups are also using similar tactics and are still very active in Western Europe, among other regions.

"The growth in overall capabilities and their selected methodology of groups like these, which are primarily targeting Russia at the moment, suggests that businesses in other parts of the world, vulnerable to similar attacks, are likely to be their next targets," Boutin asserted.

In August 2016, MELANI, a Swiss reporting and analysis centre for information assurance, issued a newsletter warning several companies against potential hacker groups targeting offline payment software using the Dridex malware.

Additionally, ESET released a white paper on RTM's nefarious activities today, available on its website. We'll keep you posted.

Source: FinCERT & ESET.
