Group-IB, one of the global leaders in preventing and investigating cyber crimes, reported the blocking of 5 accounting sites created specifically to steal money through the Bank Client system.
According to Group-IB, the hackers' goal is to infect visitors with the Buhtrap and RTM viruses. Accountants, lawyers and other professionals working with remote banking services (RBS) have become victims of the attacks. Since April, at least 200 thousand people have visited three of the five websites.
The scheme was detected after an attempt to load malware at one of the Russian banks. During the investigation, police established that the Trojan was loaded from the website buh-docum[dot]ru, which contained hundreds of specialized documents for accountants. The resource ranked at the top in all search engines. According to Group-IB, hackers received about 1.2 million rubles (1.3 million INR) from each successful attack per day.
Experts note that owners of legitimate sites can easily detect the presence of malicious software, so the attackers are moving to a different technique: creating websites with hundreds of useful documents.
“If an accountant needs a specific document that is not available anywhere, he will go to any website, any forum for information,” local media quote Yulia Gladysheva, an Energy Consulting partner, as saying.
According to the Russian global cybersecurity company Positive Technologies, the use of malicious software is one of the most common methods of attack. Alexey Novikov, Head of the Security Center of Positive Technologies, said that it is necessary to control the security of computers.
In this case, it is extremely difficult for banks to protect their clients from theft. Banks can’t control the actions of accountants: whether they visit questionable sites, whether they download infected files, whether they have an antivirus. However, according to Alexei Lukatsky, a security consultant at Cisco, there are ways to stop hackers. For example, a payment can be prepared on one computer and then sent to the bank from another computer. The Central Bank of Russia hopes that this measure will complicate the work of hackers.