Australian banks are being targeted by a group threatening to launch denial-of-service attacks unless a ransom is paid, the Australian Cyber Security Centre says.
The campaign is being waged by attackers claiming to be from Silence, a Russian-speaking advanced persistent threat (APT) group that typically targets banks and financial institutions.
The ACSC said it had been “unable to verify” the claims of affiliation.
The centre did suggest, however, that multiple threats had been recently received.
“The ACSC is aware of a number of DoS for ransom threats being made against Australian organisations, primarily in the banking and finance sector,” it said on Tuesday evening.
“The threats in question are delivered via email, and threaten the recipient with a sustained DoS attack unless a sum of the Monero cryptocurrency is paid.”
The centre said it had so far received “no reports of the threats eventuating in DoS”.
In addition, it said it is “aware of a number of DoS threats made in the past against Australian organisations that did not eventuate.”
Silence has been extensively researched by the Singaporean cybersecurity firm Group-IB, which said in August last year that the group had “significantly expanded their geography and increased the frequency of their attacks”.
Silence initially targeted “post-Soviet states and neighbouring countries”, according to Group-IB, with Asia appearing to be particularly attractive.
The group used phishing emails to infect victims, but also used email campaigns to test the validity of email addresses and to “get information about the cybersecurity solutions used by a targeted company all the while remaining undetected,” Group-IB said.
But Rustam Mirkasymov, the head of dynamic analysis within Group-IB's malware department, told iTnews that ransom denial-of-service attacks "are not the typical modus operandi of the group."
"Silence usually carry out attacks on ATMs or via card processing," Mirkasymov said.
"Moreover, even though the geographical scope of Silence’s attacks has increased significantly, especially in Asia Pacific, we have not seen their traces in Australia.
"Therefore, having been tracking Silence APT for almost four years now, Group-IB Threat intelligence team assesses with high confidence that it’s very unlikely that the gang was behind the new wave of ransom denial-of-service (RDoS) campaigns detected in Australia.”
Mirkasymov said it wasn't the first time the names of APTs like Silence had been used to intimidate victims.
"For example, in October 2019 we detected a massive email campaign spreading similar ransom demands to banks and financial organisations across the world.
"The attackers - posing as notorious Fancy Bear - threatened to launch a DDoS attack if a ransom was not paid.”