Issue link: https://maltatoday.uberflip.com/i/1091272
NEWS 5 maltatoday | SUNDAY • 10 MARCH 2019 CONTINUED FROM PAGE 1 "It remains likely that a small number of other organisa- tions received these malicious emails," they warned, refer- ring to EmpireMonkey's use of "phishing" emails designed to look like official authori- ties with decoy documents, which when clicked on, gives hackers access to the bank's systems. "Given we have observed in- dication of attacks on 16, 19 and 24 October we remain vigilant for further activity," they said, indicating attacks originated from France, Swe- den and Malta. Later they were also uploaded from Slo- vakia. The report suggested that cyber-intelligence consult- ants were aware of a hacking campaign that would target one or more Maltese banks, as reports came in of mali- cious codes being tested by the hackers. "The macro code appears faulty and incom- plete," the consultants noted. "Downloads the decoy from the fake AMF website." Indeed on 5 November, 2018, HSBC were told that EmpireMonkey was active in France and Malta "and spoof- ing the French stock market regulator AMF" – Autorité des marchés financiers – with the image of a letter with the AMF letterhead. "It appears as though they have remained active, with recent activity observed on their existing infrastructure... the actor is refining their ini- tial macro code to evade de- tection." Additionally, the security consultants noted collusion between two hacking groups. "And now it becomes inter- esting... it appears to suggest some association between EmpireMonkey and Cobalt Gang, likely through their shared use of infrastructure and/or code offered by the actor known as badbullzven- om. It is highly likely these two samples are indicative of testing for new delivery tech- niques or malicious code." The report warned that the attack had a "certain level of sophistication". Then on 19 January, 2019, a month before the BOV heist, the security consult- ants identified yet another attack. "At this time we have no further information about a delivery mechanism, or if the upload was from the ac- tor – as has occurred in the past – or from a victim." This time, the attackers were using the brand of So- ciété Générale, the French bank, to match the theme used by EmpireMonkey, and had developed encryption certificates for their domain – "which suggests a cam- paign has more recently oc- curred or is imminent", the security consultants said. "We cannot yet ascertain if this is a campaign that has occurred, is in progress, or is in plan. We therefore rec- ommended that as well as retrospective searches, moni- toring or blocks are also im- plemented for these IoC (in- dicator of compromise)." On 25 January, the security consultants received notice from their own sources that a malicious payload had gone live, and finally on 31 Janu- ary that they had been alerted that a malicious document had been hosted on a domain used by the EmpireMonkey group. "Whilst we have no information about the deliv- ery, it was almost certainly a link in an email and occurred today... it is likely that emails were delivered also using the same domain hosting the ma- licious document." Three days after the BOV heist, the consultants ana- lysed the files uploaded to an open source virus reposi- tory from the Bank of Val- letta machines, all related to two BOV employees who had been potentially exposed and compromised through the EmpireMonkey malicious documents. "It is worth not- ing that we reported on Em- pireMonkey malicious docu- ments uploaded from Malta back on 24 October, 2018... our team will continue the analysis and provide up- dates..." the consultants said. BOV went dark on 13 Feb- ruary after their systems were compromised by the Empire- Monkey group, with branch- es, ATMs, mobile banking and even e-mail services sus- pended and its website taken offline. The cyber-attack saw €13 million transferred out of the bank through false in- ternational transactions. The transactions were made to bank accounts in four countries – the US, the UK, Czechia and Hong Kong. The bank immediately advised its correspondent banks to block the transactions and the pro- cess was started to reverse the payments. BOV recovered more than €3 million of the €13 million, the bulk of the rest being fro- zen in foreign jurisdictions. mvella@mediatoday.com.mt Jobsplus permit no 219/2018 Malta Air Traffic Services Ltd (MATS), the Air Navigation Service Provider for Malta, invites applications from interested individuals to fill the post of Air Traffic Control Officer Trainees with the Company. Academic Qualifications Applications will be considered from individuals who satisfy the following minimum academic qualifications: • A Matriculation certificate awarded of grade C or higher, or, • 2 A levels and 4 intermediates at grade C or higher, or, • A Higher National Diploma (MQF 5) awarded. Age For licensing purposes, applicants for the post of ATCO must be at least 18 years of age at the time of application. Assessment test Applicants who fulfill the academic criteria must attend for an assessment test. This test will be based on the First European ATCO Selection Test (FEAST). Candidates sitting for this assessment will be deemed successful if they obtain an average stanine level 5 or higher and grades of not lower than 4 in any one test. "Candidates who fail FEAST are allowed to re-apply for the position of Air Traffic Control Officer Trainee and retry the FEAST test only after the lapse of (24) twenty-four months from the date that they have done the initial test. Applicants who apply before the lapse of (24) twenty-four months will not be considered." Language proficiency Applicants must attain at least a level 4 in Maltese and English language proficiency as dictated by CAD – TM (the regulator) leading to the qualification of ATCO 1 Medical Fitness Applicants must be medically fit in accordance with regulatory requirements for duty as air traffic controller (Medical Class 3). Medical examinations will be carried out by a medical officer who is duly qualified to certify air traffic controllers. The result of the medical examination conducted by the said medical officer will be final. Interview Successful candidates will proceed for an interview with an interviewing board of selection appointed by the Company. Candidates must succeed in every part of this selection process as any part is considered as a pass/fail module, Jobsplus permit no 219/2018 Malta Air Traffic Services Ltd (MATS), the Air Navigation Service Provider for Malta, invites applications from interested individuals to fill the post of Air Traffic Control Officer Trainees with the Company. Academic Qualifications Applications will be considered from individuals who satisfy the following minimum academic qualifications: • A Matriculation certificate awarded of grade C or higher, or, • 2 A levels and 4 intermediates at grade C or higher, or, • A Higher National Diploma (MQF 5) awarded. Age For licensing purposes, applicants for the post of ATCO must be at least 18 years of age at the time of application. Assessment test Applicants who fulfill the academic criteria must attend for an assessment test. This test will be based on the First European ATCO Selection Test (FEAST). Candidates sitting for this assessment will be deemed successful if they obtain an average stanine level 5 or higher and grades of not lower than 4 in any one test. "Candidates who fail FEAST are allowed to re-apply for the position of Air Traffic Control Officer Trainee and retry the FEAST test only after the lapse of (24) twenty-four months from the date that they have done the initial test. Applicants who apply before the lapse of (24) twenty-four months will not be considered." Language proficiency Applicants must attain at least a level 4 in Maltese and English language proficiency as dictated by CAD – TM (the regulator) leading to the qualification of ATCO 1 Medical Fitness Applicants must be medically fit in accordance with regulatory requirements for duty as air traffic controller (Medical Class 3). Medical examinations will be carried out by a medical officer who is duly qualified to certify air traffic controllers. The result of the medical examination conducted by the said medical officer will be final. Interview Successful candidates will proceed for an interview with an interviewing board of selection appointed by the Company. Candidates must succeed in every part of this selection process as any part is considered as a pass/fail module, Probation and Training Applicants who are selected will be engaged by MATS on a definite contract of 15 months during which they will be required to attend and successfully complete the BASIC course and the Rating course. Both courses may be held in Malta or abroad at a training institution selected by MATS. Candidates who quit any one of the courses will be liable to pay MATS the costs incurred for the course. On successful completion of the Basic and Rating course, candidates will undergo a period of on-the-job training, followed by a Competency Check for the issue of an Air Traffic Control Officer license. Candidates who are successful in all the phases mentioned above including the Competency Check, will be awarded an indefinite contract and promoted to an Air Traffic Control Officer. Those satisfying the experience and qualification criteria, and who are interested in filling these posts, are to send a motivational letter with their updated curriculum vitae (in pdf format) via email to our H.R. section on vacancies@maltats.com by not later than Friday the 15th of March 2019. Interested parties are invited to visit our careers section on http://maltats.com for a more detailed description of this vacancy. Who are they? The Cobalt Gang A group of cybercriminals which has executed attacks against banks has regrouped despite the arrest of its alleged leader. The gang may have stolen as much as €1 billion ($1.2 billion) from banks in 40 countries over the last two years. It is known for its meticulous planning when studying ATM systems, card processing systems and the international interbank payment messaging system SWIFT before executing attacks. Spanish police said they had arrested a Ukrainian national who had allegedly laundered much of the money stolen by the Cobalt gang, converting it into 15,000 bitcoins, which at the time were worth $119 million. EmpireMonkey A financially-motivated cyberthreat group that has been identified in connection with various other heists, most recently connected to the Fin6 group in a string of point-of- sale attacks against WMWare Horizon thin clients. Badbullzvenom Cybercriminal active in known cybercrime and hacking forums, which are platforms to sell sensitive information dumps – a known term for stolen information data that often include credit card and social security numbers. Cybercriminals can also purchase off-the-shelf malware directly from coders in these crime and hacking forums. HSBC security report shows phishing attacks building up from 2018