New cyber threat tracks online banking

SECURITY

|
Image: By BiztechAfrica
New cyber threat tracks online banking

Kaspersky Lab has announced the discovery of ‘Gauss’, a new cyber-threat targeting users in the Middle East. Gauss is a complex, nation-state sponsored cyber-espionage toolkit designed to steal sensitive data, with a specific focus on browser passwords, online banking account credentials, cookies, and specific configurations of infected machines.

The online banking Trojan functionality found in Gauss is a unique characteristic that was not found in any previously known cyber-weapons.

Gauss was discovered during the course of the ongoing effort initiated by the ITU following the discovery of Flame. The effort is aimed at mitigating the risks posed by cyber-weapons, which is a key component in achieving the overall objective of global cyber-peace.

ITU, with expertise provided by Kaspersky Lab, is taking important steps to strengthen global cyber-security by actively collaborating with all relevant stakeholders such as governments, the private sector, international organizations and civil society, in addition to its key partners within the ITU-IMPACT initiative.

Kaspersky Lab’s experts discovered Gauss by identifying commonalities the malicious program share with Flame. These include similar architectural platforms, module structures, code bases and means of communication with command & control (C&C) servers.

Analysis indicates that Gauss began operations in the September 2011 timeframe. It was first discovered in June 2012, resulting from the knowledge gained by the in-depth analysis and research conducted on the Flame malware.

The Gauss C&C infrastructure was shutdown in July 2012 shortly after its discovery. Currently the malware is in a dormant state, waiting for its C&C servers to become active.

Since late May 2012, more than 2,500 infections were recorded by Kaspersky Lab’s cloud-based security system, with the estimated total number of victims of Gauss probably being in the tens of thousands. This number is lower compared to the case of Stuxnet but it’s significantly higher than the number of attacks in Flame and Duqu.

Gauss steals detailed information about infected PCs including browser history, cookies, passwords, and system configurations. It is also capable of stealing access credentials for various online banking systems and payment methods.

Analysis of Gauss shows it was designed to steal data from several Lebanese banks including the Bank of Beirut, EBLF, BlomBank, ByblosBank, FransaBank and Credit Libanais. In addition, it targets users of Citibank and PayPal.

Another key feature of Gauss is the ability to infect USB thumb drives, using the same LNK vulnerability that was previously used in Stuxnet and Flame. At the same time, the process of infecting USB sticks is more intelligent. Gauss is capable of “disinfecting” the drive under certain circumstances, and uses the removable media to store collected information in a hidden file. Another activity of the Trojan is the installation of a special font called Palida Narrow, and the purpose of this action is still unknown.

Alexander Gostev, Chief Security Expert, Kaspersky Lab, commented: “Gauss bears striking resemblances to Flame, such as its design and code base, which enabled us to discover the malicious program. Similar to Flame and Duqu, Gauss is a complex cyber-espionage toolkit, with its design emphasizing stealth and secrecy; however, its purpose was different to Flame or Duqu. Gauss targets multiple users in select countries to steal large amounts of data, with a specific focus on banking and financial information.”



Share the News

Get Daily Newsletter

comments powered by Disqus

MORE SECURITY NEWS

Leading newspaper site hacked

Botswana is seeing unprecedented cases of internet hacking with one of the latest attacks targeting one of the country’s leading private newspapers, Mmegi. Read More

Senegal hit by wave of cyber attacks

Senegal has been hit by a wave of hackings in the past two weeks, two of which hit the popular news website Seneweb.com and ADIE. Read More

Cyber attacks may get more virulent, Cisco, Kaspersky warn

Cyber attackers are using more subtle methods to infiltrate corporate networks with the aim of stealing vital information or simply causing mayhem. This is according Kaspersky Lab and Cisco, who say IT security experts should up their game in educating users how to ward off potential attackers. Read More

SIM box task team steps up successes with help from ICT firm

Ghana’s efforts to crack down on SIM boxing fraud have been given a boost by the efforts of Subah Infosolutions Ghana Limited, which now partners with the authorities in the fight against this crime. Read More

Software vulnerability led to Ghana govt site hack

A software vulnerability and failure to update software led to the hacking of some websites on the government of Ghana’s official portal. Read More

CBN issues directive on two factor authentication for internal banking processes

The Central Bank of Nigeria has issued a directive requiring all deposit money banks (DMBs) to implement two factor authentication for internal processes this year. Read More

SA: 57% could not recover money stolen in online fraud

A recent survey conducted by Kaspersky Lab and B2B International found that more than half of those respondents in South Africa who lost money in fraudulent online transactions did not get all – or sometimes any – of their funds back. Read More

Addressing the mobility gap in corporate security

Mobile devices have the potential to open up corporate networks to a wide variety of threats, and tackling this challenge requires a comprehensive mobility strategy, says DCC. Read More

Keeping yourself safe in 2015 – Kaspersky Lab Examines IT security trends globally and in Kenya

Cyber security is something that nobody can take for granted. With attacks escalating as a result of people's increased connectedness, there can be no respite for being vigilant, says Kaspersky Lab. Read More

ESET: Internet Explorer most vulnerable Microsoft Windows component

Internet Explorer, Microsoft’s ubiquitous web browser, has topped an ESET list of the most frequently targeted Windows components. Read More

PRESS OFFICES

Sage ERP AfricaSAP AfricaSage Pastel AccountingTrust PayVMWareSamsung ElectronicsMitsumi DistributionPhoenix DistributionMTN BusinessSchneider ElectricMultichoiceMicrosoft 4Afrika

FEATURED STORY

UCC launches 2015 ACIA awardsUCC launches 2015 ACIA awards

Uganda has launched the fifth Annual Communications and Innovation Awards, which celebrate and foster ICT innovation and achievement.

IN DEPTH

Kenya’s digital TV battle hots up Kenya’s digital TV battle hots up

Kenya’s journey to Digital TV broadcasting took a new turn this week, when the Communication Authority of Kenya (CAK) accused three local media firms of intent to disrupt the process.

COMPANY NEWS

Albany CTG, Microsoft, collaborate on School of Government Program

The University at Albany’s Center for Technology in Government (CTG) has announced its collaboration with Microsoft Corporation to deliver executive level training to government leaders in Africa ...

VMware reports fourth quarter and full year 2014 results

VMware, the global leader in virtualisation and cloud infrastructure, has announced financial results for the fourth quarter and full year of 2014.

MTN to empower African businesses with AWS Direct Connect

MTN Group today announced it would be the first African company to offer Amazon Web Services (AWS) Direct Connect to business customers across multiple countries on the ...