The reason hackers go after financial institutions is because these places have valuable things like money, intellectual property, and sensitive customer information.
Hacked financial systems can result in monetary gain by means of theft, blackmail or disservice interruption.
Cybersecurity researchers at Palo Alto Networks recently discovered that Smoke Loader malware has been attacking financial institutions running Microsoft Windows.
Smoke Loader Attacking Financial Institutions
Smoke Loader malware targeted Ukraine from May to November 2023 by UAC-0006. Ukraine faces an unprecedented surge in cyberattacks amidst the ongoing conflict, with global threat actors exploiting the situation.
SCPC SSSCIP identified Smoke Loader as a prominent malware strain in recent attacks.
Smoke Loader, aka Dofoil/Sharik, is a Windows backdoor with info-stealing capabilities linked to Russian cybercrime.
Free Webinar : Mitigating Vulnerability & 0-day Threats
Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.
:
- The problem of vulnerability fatigue today
- Difference between CVSS-specific vulnerability vs risk-based vulnerability
- Evaluating vulnerabilities based on the business impact/risk
- Automation to reduce alert fatigue and enhance security posture significantly
AcuRisQ, that helps you to quantify risk accurately:
Advertised since 2011, it surged in Ukraine in 2023, targeting financial/govt orgs likely in a coordinated disruptive effort.
Globally prevalent, it spreads via malicious emails/web vectors. The SCPC SSSCIP report analyzes 23 email attack waves from May-Nov 2023, providing technical insights for security professionals.
Prevention involves cautious email/download habits, strong passwords, and cybersecurity awareness.
Smoke Loader (aka Dofoil/Sharik) is a malicious loader first advertised in 2011’s criminal underground.
With capabilities beyond loading other malware, it has been globally documented spreading via emails, web exploits like Rig, and as a payload from malware like Glupteba.
Used by various groups against diverse targets worldwide, from recent Ukrainian attacks to Phobos ransomware campaigns, the actively marketed Smoke Loader is a versatile malware-as-a-service ideal for threat actors, making it a prime candidate in the reported Ukrainian incidents.
CERT-UA was first alerted on Smoke Loader activity by UAC-0006 in May 2023, issuing 6 more notices that year as UAC-0006 topped Ukraine’s financial crime ranks by December.
This suspected Russian cybercrime group uses Smoke Loader to deploy malware stealing funds from Ukrainian enterprises, attempting to steal tens of millions of hryvnias in August-September alone per CERT-UA.
The SCPC SSSCIP report details 23 Smoke Loader attack waves from May to December 2023, significantly heightening threats to Ukrainian accountants with a potential 1 million hryvnia weekly losses on average.
Smoke Loader attacks targeted Ukrainian organizations. Joint research with SCPC SSSCIP provided insights into attack vectors, payloads, objectives, and disrupting the attack chain.
Read the report for technical details. Prioritize security and smart online habits to defend against such threats.
Recommendations
Here below we have mentioned all the recommendations:-
- Always be vigilant.
- Avoid suspicious emails.
- Do not click on links.
- Make sure to not perform any downloads from unknown sources.
- Always use strong passwords.
- Make sure to stay informed about cyberthreats.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.