Attackers are using ‘invisible’ methods of attack and malware that hides in memory instead of on hard drives to steal passwords and other sensitive data from banks and enterprises across 40 countries. Anti-forensic techniques such as the malware vanishing after reboot makes attribution nearly impossible.
Cybercriminals have hit more than 40 countries with hidden malware that steals passwords and financial data. The malware is not found on hard drives as it hides in the memory of compromised computers, making it almost “invisible” as criminals exfiltrate system administrators’ credentials and other sensitive data. When a targeted machine is rebooted, nearly all traces of the malware disappear.
Over 140 enterprise networks – banks, government organizations and telecommunication companies – from 40 countries have been hit, according to Kaspersky Lab. The cybercriminals are using methods and sophisticated malware previously used by nation-state attackers.
The U. S. has been the most targeted country with 21 hidden-malware attacks, followed by 10 attacks in France, nine in Ecuador, eight in Kenya, and seven in both the UK and Russia.
Because the malware manages to hide so well, and poofs after a reboot, the number of infections may be much higher.
The “attacks are ongoing globally against banks themselves,” Kaspersky Lab’s Kurt Baumgartner told Ars Technica. “The banks have not been adequately prepared in many cases to deal with this.
