A security company recently discovered that 140 banks in 40 countries have been hacked with invisible malware. Researchers also have no clue who is behind the attacks. What's more troubling is that ATMs could be controlled remotely.
Security researchers from Kaspersky Lab have found a series of "invisible" targeted attacks. It seems Meterpreter code was used along with some legitimate PowerShell scripts and other utilities. The malware would bury itself in the computer's memory to avoid detection. The attackers, who may be after sensitive information, collect passwords from system administrators.
Once the hackers have this information, the researchers claim, the attackers have access to the machines. The company also says these attacks are pretty big in scale. More than 140 enterprise networks in a range of business sectors are affected. The USA, France, Ecuador, Kenya, the UK and Russia are noted to have the most victims.
"The use of open source exploit code, common Windows utilities and unknown domains makes it almost impossible to determine the group responsible," said Kaspersky, "or even whether it is a single group or several groups sharing the same tools."
Sergey Golovanov from Kaspersky Lab also says, "The determination of attackers to hide their activity and make detection and incident response increasingly difficult explains the latest trend of anti-forensic techniques and memory-based malware."
According to Tempo, it seems that the attackers are also still on the loose. It must be noted that detecting an attack is only possible in RAM, the network and the registry.
Some time in late 2016, Kaspersky said cyber criminals were using as many as 24,000 computer systems to take down some sites. A few Russian banks were affected by a series of distributed denial of service (DDoS) cyber strikes. The attacks happened through a network of Internet of Things (IoT) devices found in 30 different countries.