Australia Warns Finance Sector of DDoS Threats'Silence Hacking Crew' Demands Monero Ransom
Australia’s financial sector should brace for the potential of distributed denial-of-service attacks, the nation’s top cyber agency has warned.
The Australian Cyber Security Center says it is aware of “a number” of ransom threats made toward banking and finance organizations.
“The threats in question are delivered via email and threaten the recipient with a sustained DDoS attack unless a sum of the Monero cryptocurrency is paid,” the ACSC says.
The ACSC notes, however, that it hasn’t been able to verify the legitimacy of the threats, and that it appears that, none have resulted in actual DDoS attacks.
The group behind the threats is calling itself the “Silence Hacking Crew,” but the ACSC also advised it has been unable to verify that as well.
DDoS attacks are intended to jam a service by sending overwhelming amounts of traffic. While such attacks can be devastating for smaller organizations, banks and financial institutions usually have adequate defenses in place to minimize disruption.
Even the shortest amount of downtime as a result of such attacks, however, can anger customers and generate attention.
The Same Silence?
It's not clear if the Silence Hacking Crew is connected with the well-known group of suspected Russian-speaking cybercriminals that go by the name Silence.
The Silence group has been active since at least June 2016, according to the cybersecurity firm Group-IB. It primarily starts attacks against banks using phishing emails, which may contain malicious Microsoft Word documents, compressed HTML files or .lnk shortcuts that lead to malicious attachments, according to a report released by Group-IB last year.
The group specializes in “jackpotting,” which involves gaining control of ATMs and forcing the machines to disgorge cash. Group-IB also says the Silence group focuses on compromising card processing systems.
Last year, Silence was suspected of compromising the systems of Dutch-Banga Bank in Bangladesh, resulting the loss of around $3 million, and Omsk IT Bank in Russia, causing the loss of around $400,000.
Group-IB found a DDoS bot called Perl IrcBot on one of Silence’s servers, according to a Group-IB report on Silence from 2018. Group-IB says the group conducteded DDoS attacks in 2017.
It’s not unheard of for cybercriminal groups to stage a DDoS attack as a distraction while something else nefarious happens in the background. The larger question in this case, however, is if the group making threats toward Australian banks is indeed the same group or if it is piggybacking on Silence’s reputation. Neither of Group-IB’s report mention DDoS extortion attempts.
Ransom demands under threat of a DDoS attack isn’t a typical modus operandi of Silence, says Rustam Mirkasymov, who is head of dynamic analysis of malware department at Group-IB.
“Silence usually carries out attacks on ATMs or via card processing,” Mirkasymov says.
He says it’s unlikely the group claiming to be Silence is actually the real Silence. Also, Silence has conducted more attacks in the APAC region but has not been seen in Australia so far, he says.
Much of the ACSC’s advice will sound familiar.
That includes blocking IP addresses that are the source of attacks. The agency also recommends “temporarily transferring online services to cloud-based hosting with high bandwidth and content delivery networks that cache non-dynamic websites.”
ACSC says its preferable to use multiple cloud service providers to maintain redundancy and use a DDoS attack mitigation service if an incident arises.