According to a report released today by US security giant Symantec, four banks and financial institutions in West Africa have been victims of four different hacking campaigns.
Organizations in Cameroon, Congo (DR), Equatorial Guinea, Ghana and Cote d'Ivoire have been affected, Symantec said today.
The attacks, which have not yet been attributed to a hacker group, involved the use of commodity malware and applications found natively on Windows systems (a tactic called "living off the land").
The malware used in these attacks is the kind that is shared for free online or that anyone can buy through dedicated websites or hacking forums.
The list includes Cobalt Strike (a pen-testing framework repurposed as a modular backdoor), Mimikatz (a pen-testing tool repurposed as a password stealer) and three remote access trojans (RATs): NanoCore, Remote Manipulator System and Imminent Monitor.
Symantec adds that the hackers also used living-off-the-land tools such as PowerShell (a native Windows scripting utility), PsExec (a Microsoft Sysinternals tool used for running processes on networked systems), and Windows RDP (a native Windows utility for connecting to remote Windows systems via a desktop interface). The attackers also deployed UltraVNC, an open source remote administration tool that system administrators in some organizations install to connect to and manage remote systems, similar to TeamViewer, PsExec, or RDP.
The following is a summary of the four different hacking campaigns that Symantec observed against West African banks and financial institutions. The company does not yet know whether they were carried out by the same group.
Campaign | Tools | Countries | Start |
1 | NanoCore, PsExec | Ivory Coast and Equatorial Guinea | Mid-2017 |
2 | PowerShell, Mimikatz, UltraVNC, Cobalt Strike | Cote d'Ivoire, Ghana, Congo (DR) and Cameroon | End of 2017 |
3 | Remote Manipulator System RAT, RDP, Mimikatz | Ivory Coast | – |
4 | Imminent Monitor RAT | Ivory Coast | December 2018 |
Some readers might be surprised by the attention paid to attacks on African banks, but it is actually a trend that many industry experts are facing.
Over the last two years, various hacking teams of Russian and North Korean origin have focused their efforts on banks and financial institutions located in Southeast Asia, Eastern Europe and South America.
Experts from several cybersecurity firms have pointed out that banks in these regions are targeted because they may not all invest in their IT infrastructure and cybersecurity measures. A poorly designed and unmonitored network makes attacks easier and lets hackers operate for long periods of time, compared to an attack on banks in Western Europe or North America.
As for Africa, Symantec notes that the continent, surprisingly, has not been targeted so far and has been missing from reports in recent years.
Unfortunately, the period of calm of the African financial sector seems to be over.
Indicators of compromise for these recent attacks are available in the Symantec report.