Cybersecurity specialist Kaspersky Lab, which is warning banks of renewed activity by the so-called Carbanak cybergang, reports that it also has evidence of a malware-as-a-service platform which has hit more than 400,000 users and organisations worldwide.
The Russian security company has named the remote access trojan (RAT) ‘Adwind’, but it is also known as AlienSpy, Frutas, Unrecom, Sockrat, JSocket and jRat. Among the main features distinguishing the Adwind platform from other commercial malware is that it is distributed openly in the form of a paid service, where the “customer” pays a fee in return for use of the malicious programme.
Kaspersky Lab researchers estimate that there were around 1,800 users in the system by the end of 2015, making it one of the biggest malware platforms currently in existence.
The research suggests that clients of the Adwind platform fall into the following categories:
• Scammers seeking to move to the next level, using malware for more advanced fraud.
• Unfair competitors.
• Cyber-mercenaries, or ‘spies for hire’.
• Private individuals who wish to spy on people they know.
Kaspersky Lab believes that since it began its investigation in 2013, different versions of the Adwind malware have been used in attacks against at least 443,000 private users, commercial and non-commercial organisations worldwide and that both the platform and the malware are still active.
At the end of last year, its researchers became aware of an unusual malware programme discovered during an attempted targeted attack against a bank in Singapore. A malicious Java Archive (JAR) file was attached to a spear-phishing email received by a targeted bank employee. The malware showed rich capabilities, including its ability to run on multiple platforms as well as the fact that it was not detected by any antivirus solution.
Investigation showed that the organisation had been attacked with the Adwind RAT, a backdoor available for purchase and written entirely in Java, which makes it cross-platform. It can run on Windows, OS X, Linux and Android platforms, providing capabilities for remote desktop control, data gathering and data exfiltration.
The researchers also analysed nearly 200 examples of spear-phishing attacks launched by unknown criminals to spread the Adwind malware, and found that the targets were across a wide range of organisations and industry sectors.
“The Adwind platform in its current state lowers significantly the minimum amount of professional knowledge required by a potential criminal looking to enter the area of cybercrime,” said Aleksandr Gostev, chief security expert at Kaspersky Lab.
“What we can say based on our investigation of the attack against the Singaporean bank is that the criminal behind it was far from being a professional hacker, and we think that most of the Adwind platform’s “clients” have that level of computer education. That is a worrisome trend.”
“Despite multiple reports about different generations of this tool, published by security vendors in recent years, the platform is still active and inhabited with criminals of all kinds,” added Vitaly Kamluk, director of global research and analysis team in Asia Pacific.
“We’ve conducted this research in order to attract the attention of the security community and law enforcement agencies and to make the necessary steps in order to disrupt it completely.”
Kaspersky Lab said that it has reported its findings on the Adwind platform to law enforcement agencies. It is also recommending that all enterprises review the purpose of using a Java platform and disable it for all unauthorised sources.