{"id":16388,"date":"2023-07-11T07:46:17","date_gmt":"2023-07-11T07:46:17","guid":{"rendered":"https:\/\/cybercrime.rs\/?p=16388"},"modified":"2023-07-24T22:10:37","modified_gmt":"2023-07-24T22:10:37","slug":"onda-kada-su-revil-anonymous-sudan-i-killnet-najavili-napad-na-eu-banke","status":"publish","type":"post","link":"https:\/\/cybercrime.rs\/en\/2023\/07\/11\/onda-kada-su-revil-anonymous-sudan-i-killnet-najavili-napad-na-eu-banke\/","title":{"rendered":"The day when REvil, Anonymous Sudan and KillNet announced the attack on EU banks"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"16388\" class=\"elementor elementor-16388\">\n\t\t\t\t\t\t\t\t\t<section class=\"has_ae_slider elementor-section elementor-top-section elementor-element elementor-element-2545531a elementor-section-boxed elementor-section-height-default elementor-section-height-default ae-bg-gallery-type-default\" data-id=\"2545531a\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_ae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-23c66281 ae-bg-gallery-type-default\" data-id=\"23c66281\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4c9adc9 elementor-widget elementor-widget-spacer\" data-id=\"4c9adc9\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.7.8 - 02-10-2022 *\/\n.elementor-column .elementor-spacer-inner{height:var(--spacer-size)}.e-container{--container-widget-width:100%}.e-container>.elementor-widget-spacer{width:var(--container-widget-width,var(--spacer-size));-ms-flex-item-align:stretch;align-self:stretch;-ms-flex-negative:0;flex-shrink:0}.e-container>.elementor-widget-spacer>.elementor-widget-container,.e-container>.elementor-widget-spacer>.elementor-widget-container>.elementor-spacer{height:100%}.e-container>.elementor-widget-spacer>.elementor-widget-container>.elementor-spacer>.elementor-spacer-inner{height:var(--container-widget-height,var(--spacer-size))}<\/style>\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-45f6c93 elementor-widget elementor-widget-author-box\" data-id=\"45f6c93\" data-element_type=\"widget\" data-widget_type=\"author-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<link rel=\"stylesheet\" href=\"https:\/\/cybercrime.rs\/wp-content\/plugins\/elementor-pro\/assets\/css\/widget-theme-elements.min.css\">\t\t<div class=\"elementor-author-box\">\n\t\t\t\n\t\t\t<div class=\"elementor-author-box__text\">\n\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/www.linkedin.com\/in\/archlinux\/\" target=\"_blank\">\n\t\t\t\t\t\t<h4 class=\"elementor-author-box__name\">\n\t\t\t\t\t\t\tVladimir Cicovi\u0107\t\t\t\t\t\t<\/h4>\n\t\t\t\t\t<\/a>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-author-box__bio\">\n\t\t\t\t\t\t<p>DevOps\/ GitOps<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-be07522 elementor-widget elementor-widget-spacer\" data-id=\"be07522\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3941bfc8 elementor-widget elementor-widget-text-editor\" data-id=\"3941bfc8\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.7.8 - 02-10-2022 *\/\n.elementor-widget-text-editor.elementor-drop-cap-view-stacked .elementor-drop-cap{background-color:#818a91;color:#fff}.elementor-widget-text-editor.elementor-drop-cap-view-framed .elementor-drop-cap{color:#818a91;border:3px solid;background-color:transparent}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap{margin-top:8px}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap-letter{width:1em;height:1em}.elementor-widget-text-editor .elementor-drop-cap{float:left;text-align:center;line-height:1;font-size:50px}.elementor-widget-text-editor .elementor-drop-cap-letter{display:inline-block}<\/style>\t\t\t\t<!-- wp:paragraph -->\n<p>Topor Live, a Telegram channel with over 3.9M followers, reported on 06\/14\/2023 that in the next 48 hours REvil, Anonymous Sudan and KillNet will \"bring down\" the entire European banking system.<\/p>\n<!-- \/wp:paragraph -->\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b2b057a elementor-widget elementor-widget-spacer\" data-id=\"b2b057a\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-358fc67 elementor-widget elementor-widget-image\" data-id=\"358fc67\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.7.8 - 02-10-2022 *\/\n.elementor-widget-image{text-align:center}.elementor-widget-image a{display:inline-block}.elementor-widget-image a img[src$=\".svg\"]{width:48px}.elementor-widget-image img{vertical-align:middle;display:inline-block}<\/style>\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"752\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/07\/FymZqZOXoBcWvRu-1024x752.jpg\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b784ae7 elementor-widget elementor-widget-text-editor\" data-id=\"b784ae7\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Source: <span style=\"color: #ead181;\"><a style=\"color: #ead181;\" href=\"https:\/\/twitter.com\/vxunderground\/status\/1669034104619245587\" target=\"_blank\" rel=\"noopener\">Twitter<\/a><\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bf51e80 elementor-widget elementor-widget-spacer\" data-id=\"bf51e80\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ad36481 elementor-widget elementor-widget-text-editor\" data-id=\"ad36481\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>The announced attack, however, did not happen. Nevertheless, this text analyzes the factors that affect the success of a cyber attack in a situation where the attack is announced in advance, as was the case here.\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9bd3810 elementor-widget elementor-widget-spacer\" data-id=\"9bd3810\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b9c834a elementor-widget elementor-widget-heading\" data-id=\"b9c834a\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.7.8 - 02-10-2022 *\/\n.elementor-heading-title{padding:0;margin:0;line-height:1}.elementor-widget-heading .elementor-heading-title[class*=elementor-size-]>a{color:inherit;font-size:inherit;line-height:inherit}.elementor-widget-heading .elementor-heading-title.elementor-size-small{font-size:15px}.elementor-widget-heading .elementor-heading-title.elementor-size-medium{font-size:19px}.elementor-widget-heading .elementor-heading-title.elementor-size-large{font-size:29px}.elementor-widget-heading .elementor-heading-title.elementor-size-xl{font-size:39px}.elementor-widget-heading .elementor-heading-title.elementor-size-xxl{font-size:59px}<\/style><h2 class=\"elementor-heading-title elementor-size-default\">1) FACTORS AFFECTING THE SUCCESS OF THE ATTACK<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d2251ea elementor-widget elementor-widget-spacer\" data-id=\"d2251ea\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8d6cfa4 elementor-widget elementor-widget-text-editor\" data-id=\"8d6cfa4\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #ffffff;\"><strong>Secrecy of the operation<\/strong><\/span><\/p>\n<p><span style=\"color: #ffffff;\"><strong>\u00a0<\/strong><\/span><\/p>\n<p>The success of any engagement in cyberspace is most influenced by the secrecy of the operation. There, the target\/victim feels safe in his daily routine and work without emergency measures. Any hint of an operation jeopardizes it because the opposing side can adapt to the potential attack and the attacker. A target in case of activity recognition can raise the level of commitment of manpower, assets and the expected effect of the attack. If it is recognized, for example, that a DDOS attack will be carried out on the network where the target is located - they can either be extended to new (for several days or weeks) networks\/outputs\/inputs or additional resources can be hired to ensure smooth operation. This may be temporary and limited in time. Therefore, there is a possibility of failure of the attack.<\/p>\n<p>\u00a0<\/p>\n<p><span style=\"color: #ffffff;\"><strong>Secrecy of the target\/objective of the operation<\/strong><\/span><\/p>\n<p><span style=\"color: #ffffff;\"><strong>\u00a0<\/strong><\/span><\/p>\n<p>In the case of discovery of a target\/goal, additional personnel and resources are engaged again, an analysis of the entire IT sector is carried out, a regime is established in which (for a limited period) protection of the target\/goal is carried out. All the focus is on the target, the analysis of the target and its operation - with the aim of creating a model where the target\/goal still works. For example. theft of all computers in one branch of the bank - where additional reserves are made (at another place) and backup of workstations\/servers for a limited period of time.<\/p>\n<p>\u00a0<\/p>\n<p><span style=\"color: #ffffff;\"><strong>Secrecy of the participants of the operation<\/strong><\/span><\/p>\n<p><span style=\"color: #ffffff;\"><strong>\u00a0<\/strong><\/span><\/p>\n<p>Participant secrecy can be one of the factors of success. In case of disclosure, there is a possibility of obstruction or manipulation of the participants. Participants can be obstructed technically, psychologically and physically. Technical means of execution: computers, internet connections, electricity. Psychological: causing conflict between group members, creating feelings of guilt or other types of manipulation. Physical, liquidation or kidnapping.<\/p>\n<p>\u00a0<\/p>\n<p><span style=\"color: #ffffff;\"><strong>Secrecy of the start of the operation<\/strong><\/span><\/p>\n<p>\u00a0<\/p>\n<p>Depending on the final goal towards the target - just discovering the beginning can help rationally deploy resources and fail the entire operation. The possibility of covert operations of the other side in order to ultimately affect the failure or disruption of the attack.<\/p>\n<p>\u00a0<\/p>\n<p><span style=\"color: #ffffff;\"><strong>Secrecy of the chain of operation<\/strong><\/span><\/p>\n<p><span style=\"color: #ffffff;\"><strong>\u00a0<\/strong><\/span><\/p>\n<p>This is where the ransomware group\/DdoS model is taken. The entire chain used for the operation (ransomware needs IA initial access, C2 servers, C2 tools and operators for the same) (DDoS uses paid DDOS services, people who establish their own DDoS services, money\/cryptocurrencies) (remote exploit, vulnerability, 0day brokers ).<\/p>\n<p>In the event that the entire chain used for the operation or only a part is known, then they can influence a smaller part to disable the attacker or make it impossible for him to continue the attack.<\/p>\n<ul>\n<li>Initial Access<strong>:<\/strong> inserting FBI agents\/agents of private intel companies with false access to certain companies. The complete fake IT structure of the company is introduced, or exactly access is given with accounts in a controlled environment - where the attacker is prevented from attacking the entire IT structure, but only the smaller part that is in the controlled environment (isolated, disconnected from the main part).<\/li>\n<li>C2 servers: by inserting a server with full control over the attacker's server side software and disabling work in a certain part of operations or monitoring connections to targets<\/li>\n<li>C2 tools: sale of backdoored tools, monitoring, destruction of the entire infrastructure<\/li>\n<li>DDoS services: acquiring clients, faking attacks (in agreement with the target\/objective) DDoS services \"poisoning\": by inserting a huge number of DDoS services at favorable prices and working without problems - in order to \"cancel\" or fake attacks on target\/goal<\/li>\n<li>Money\/Crypto-Currency: Building Exchanges by FBI\/CIA\/NSA\/EU\/Interpol - Monitoring Sends\/Receives Between Criminals. Shutdown of a complete protocol for a certain part of the internet or main routing points, DDOS crypto exchange, finding vulnerabilities in cryptocurrencies\/blockchain\/smart contracts<\/li>\n<li>Remote 0day exploiti: sama potra\u017enja prema vrsti softwera mo\u017ee ukazivati na mete. Od postavljanja 0day brokera, do informacije koji soft \u017eele &#8220;napasti&#8221; &#8211; takve informacije ve\u0107 mogu pomo\u0107i da se smanji broj meta i onemogu\u0107i napad<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p><span style=\"color: #ffffff;\"><strong>Resources, group size vs. Resources and number of targets<\/strong><\/span><\/p>\n<p><span style=\"color: #ffffff;\"><strong>\u00a0<\/strong><\/span><\/p>\n<p>The biggest challenge for the attacker is that \n he causes a psychological effect through the media\/internet ( f he does not have the strength to hit the target\/targets). The target\/target can do the same through media exposure and demeaning the attacker. In case the group's resources and numbers are very small compared to the target's resources and numbers. If there is an attack on a certain sector - then services that are disabled can be transferred to other companies through legal work and everything else (legal problem, regulations, if possible). In the case of Killnet and Revil, there is a pooling of resources, but again this cannot result in success due to the number of targets, geographical spread and lack of knowledge of how banks work. The plan of attack is probably web services and the like, but there is also the possibility of setting up Anycast on multiple providers, dislocation, geo-blocking, and more. Banks are more prepared for such things.<\/p>\n<p>\u00a0<\/p>\n<p><span style=\"color: #ffffff;\"><strong>TTP \u2013 tactics, technical procedures, limited set of TTP for operations<\/strong><\/span><\/p>\n<p><span style=\"color: #ffffff;\"><strong>\u00a0<\/strong><\/span><\/p>\n<p>\u00a0<\/p>\n<p>By revealing the TTP of a certain group (say Anonymous Sudan, DdoS) we get to focus and analyze the details they use and what tools they use. It is possible to find certain weaknesses within the work and principles of the tools. For example, DNS query, packet sending and others can have a vulnerable point. Example - setting *.meta.com to 127.0.0.1 for Russian or VPN providers around the world can cause an attacker to crash his own infrastructure. We can use to slow down attacks, redirect attacks, fake attack success, or similiar.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ec4a405 elementor-widget elementor-widget-spacer\" data-id=\"ec4a405\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-afe119d elementor-widget elementor-widget-heading\" data-id=\"afe119d\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">2) POSSIBLE TYPES OF ATTACKS ON EU BANKS<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1ea299e elementor-widget elementor-widget-spacer\" data-id=\"1ea299e\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b6b5393 elementor-widget elementor-widget-text-editor\" data-id=\"b6b5393\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #ffffff;\"><strong>DDOS attack<\/strong><\/span><\/p>\n<p><span style=\"color: #ffffff;\"><strong>\u00a0<\/strong><\/span><\/p>\n<p>Ovisno o koga napadaju &#8211; jedan dio napada Killnet i Anonimusi Sudana nije imao efekta. U slu\u010daju Anonimusi Sudana koji imaju svoju infrastrukturu za DDoS + rentaju istu drugima za novac, mete biraju koje se nalaze iza cloudfare i sli\u010dnih servisa (za\u0161tita od DDoS) kako bi poja\u010dali efekat napada u medijima. Male i srednje mete (male kompanije, kompanije sa manjim brojem ljudi i nedovoljnom anti-DDoS za\u0161titom) pod DDOS napadom grupe Anonimus Sudan, uglavnom od 5 do 15 min. U nekim slu\u010dajevima i du\u017ee ali se radi o 1 serveru sa HTTP portom iza cloudfare kojeg je mogu\u0107e oboriti sa manjim DDoS napadom. Nekoliko puta im je DDoS &#8220;propao&#8221; ili nisu bili u mogu\u0107nosti da odr\u017ee napad du\u017ee od 5 minuta (uglavnom mete koje su imale daleko bolju za\u0161titu ili se bave cybersec). Sve banke posluju SWIFTom, ATM mre\u017ea je povezana sa bazom u bankama ali mo\u017ee biti izmje\u0161tena tako da se nalaze na razli\u010ditim ISP\/mre\u017eama i da imaju &#8220;hibridni&#8221; pristup (kombinacija 4G mre\u017ee i ra\u010dunarske mre\u017ee, ili wifi pristup). Najranjiviji dio banaka su web portali &#8211; ali je mogu\u0107e i taj dio za\u0161titi ukoliko se preduzmu mjere na vrijeme ili se u toku napada donese odluka. Ovdje mo\u017ee do\u0107i do prekida pristupa klijenata na web platformi (re\u0107i \u0107emo da pristup preko softwera na telefonima, desktop ra\u010dunarima mo\u017ee biti &#8220;izmje\u0161ten&#8221;)<\/p>\n<p>\u00a0<\/p>\n<p><span style=\"color: #ffffff;\"><strong>Ransomware attack<\/strong><\/span><\/p>\n<p><span style=\"color: #ffffff;\"><strong>\u00a0<\/strong><\/span><\/p>\n<p>They depend on several factors: Initial Access to brokers, the availability of 0day exploits and the number of operators, and then the attack synchronization process itself (we are talking about the fact that they want to attack all EU banks). Banks invest in the security of their IT sector. There are mechanisms at the level of the entire bank, where services are isolated and ensured that they work without interruption during an attack (high availability, service replication, backups, and so on). A single group would not be able to ensure access to the IT sector of these banks in a short period of time. One of the approaches could be insiders inside the banks who would help with the initial access, but even there the level of security of the banks differs, so it is not certain that all attacks will be successful - if it happens, it will again be a smaller part. The success of the attack depends on a lot of factors, so they are once again at the mercy of how prepared the bank is in a technical sense.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6ea3401 elementor-widget elementor-widget-spacer\" data-id=\"6ea3401\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eed51ef elementor-widget elementor-widget-heading\" data-id=\"eed51ef\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">3) PROMOTING ATTACKS<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3edb534 elementor-widget elementor-widget-spacer\" data-id=\"3edb534\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1208326 elementor-widget elementor-widget-text-editor\" data-id=\"1208326\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #ffffff;\"><strong>Media promotion of the attack<\/strong><\/span><\/p>\n<p>\u00a0<\/p>\n<p>The only certain element in all this is the psychological effect of the alleged attack. Even if an attack does not happen, the very fact that the information appeared in the media can help to have a stronger effect when the website of a bank is taken down (let's say that is the only goal, the fastest to perform in this case). From the stock market, loss of clients, other things. There is a possibility to cause the withdrawal of money from the banks and thus cause a problem with the operation of the banks.<\/p>\n<p>\u00a0<\/p>\n<p><span style=\"color: #ffffff;\"><strong>Attack of competitors<\/strong><\/span><\/p>\n<p>\u00a0<\/p>\n<p>Ovako &#8220;sivu&#8221; situaciju mo\u017ee iskoristiti (ali je manje vjerovatno iz vi\u0161e razloga) konkurencija odre\u0111enih banaka da uni\u0161ti one druge (kroz spinovanje, stvarne napade i drugo). Opet postoji mogu\u0107nost da se napadi pove\u017eu i da organizator napada (u ovom slu\u010daju banka) bude prona\u0111en i do\u017eivi propadanje\/gubitak novca\/zatvaranje. Tako da je malo il nikako vjerovatno. U slu\u010daju da jeste, onda mo\u017eemo pri\u010dati o povezanosti banke sa Killnet\/REvil grupom kroz udio vlasni\u0161tva banke (recimo da je neko iz Rusije vlasnik dijela neke banke). Opet postoji mogu\u0107nost pronala\u017eenja veza grupa-banka konkurent.<\/p>\n<p>\u00a0<\/p>\n<p><span style=\"color: #ffffff;\"><strong>Support of foreign countries to KillNet and REvil groups<\/strong><\/span><\/p>\n<p>\u00a0<\/p>\n<p>States often use criminal groups to achieve a specific goal. There is a possibility of Russia's involvement as a sponsor. Such things can be detected based on how much resources the group had before and after a certain time. What kind of impact do their attacks have (not in the media, but the technical part of the attack) and there can be found a connection in the sense that they have a lot of money, that they are better organized, that they have changed the methods of attack and so on. But as I said, something becomes visible. Can they direct them towards specific targets? Yes, but again in that case the state would ensure that the attack was effective, which would be visible and easy to spot.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a04bc67 elementor-widget elementor-widget-spacer\" data-id=\"a04bc67\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7409203 elementor-widget elementor-widget-text-editor\" data-id=\"7409203\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p class=\" translation-block\">Source <span style=\"color: #ead181\"><a style=\"color: #ead181\" href=\"https:\/\/www.linkedin.com\/pulse\/povreda-podataka-o-liC48Dnosti-zlatko-petroviC487\/?trackingId=XFCkQ48TKCv0woOAZzMhA\" target=\"_blank\" rel=\"noopener\">&gt;&gt;<\/a><\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Cyber attack promotion?<\/p>","protected":false},"author":1,"featured_media":9976,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","footnotes":""},"categories":[30,36],"tags":[],"class_list":["post-16388","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","category-cybercrime"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/posts\/16388","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/comments?post=16388"}],"version-history":[{"count":33,"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/posts\/16388\/revisions"}],"predecessor-version":[{"id":16615,"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/posts\/16388\/revisions\/16615"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/media\/9976"}],"wp:attachment":[{"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/media?parent=16388"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/categories?post=16388"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/tags?post=16388"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}