Connect with us

Hi, what are you looking for?

HEADLINES

Banks, financial institutions major targets of advanced persistent threats as pandemic continues in SEA

Other important trends are the use of COVID-19 theme for social engineering; exploiting researches directly related to COVID-19; scam and false news on COVID-19; and COVID-19-related domain connection which can be used for scam.

Cybersecurity firm Kaspersky disclosed that banks and financial institutions are major targets of advanced persistent threats (APTs) as the pandemic continues in Southeast Asia. Among the top 10 targets of sophisticated attacks, these industries ranked second and third and every year, they have always been ranked on the list of top targets.  

Seongsu Park, senior security researcher, Global Research and Analysis Group at Kaspersky, revealed the main trends in the general cyberspace landscape in Southeast Asia which include the following: hackers attack not only Windows systems but other non-Windows operating systems as well; the use of mobile phone to steal credentials and important information; hackers focus on supply chain attacks; and exploiting Internet facing network device.

Other important trends are the use of COVID-19 theme for social engineering; exploiting researches directly related to COVID-19; scam and false news on COVID-19; and COVID-19-related domain connection which can be used for scam.

Last year, over 80,000 COVID-related domain connections and malicious websites were detected by Kaspersky in SEA alone. Malaysia registered the highest number, followed by Vietnam, the Philippines, and Indonedia.   

Park cited a case using COVID-19 theme. “In December 2020, the largest group tried to steal COVID-19- related intelligence and targeted government organizations and some pharmaceutical companies to steal the 2019 information,” said Park.

This trend is expected to continue until 2021 as the region continues its battle against the pandemic and rolls out vaccines in different phases.

Advertisement. Scroll to continue reading.

Various sectors in the financial industry are targeted by cyber attackers, especially cryptocurrency business which is a prime target these days. One of the campaigns that targeted banks (and even government agencies) in SEA is the JSOutProx malware. This malware continued its attempt of infiltrating banks in the region even though it is currently not a highly sophisticated strain.

This sophisticated malware employs social engineering tactics such as using file names associated with bank-related business and heavily obfuscated script files to get into the network. Once it runs on the victim, it can load several plugins performing additional malicious activities on the victim.

Cryptocurreny business is also the subject of cybercriminals who are undertaking online attacks on the sector. Kaspersky identified that one of the cryptocurrency exchange in the region was compromised. As a result of a thorough investigation, it was confirmed that the Lazarus group was behind the attack that was detected in Singapore.

Another cryptocurrency-related threat is the SnatchCrypto campaign conducted by the BlueNoroff APT,   a subgroup of Lazarus which particularly attacks banks. It was also allegedly associated with the $81M Bangladesh Bank Heist

Kaspersky has been tracking this SnatchCrypto since the end of 2019 and discovered the actor behind this campaign has resumed its operations with similar strategy. 

In terms of the factors behind the increased threats against the sector, Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky comments, “Cryptocurrency is steadily being embraced in SEA, hence it is a natural progression for cybercriminals to set their eyes here. Its growth is part and parcel of the region’s digital transformation, and is parallel to the increased adoption of e-commerce and digital payments.”

“As we continue to move our money to the online world, we have also witnessed massive data breaches and ransomware attacks last year which should serve as a warning for financial institutions and payment service providers. It is crucial for banking and financial services providers to realize, as early as now, the value of intelligence-based, proactive defense to fend off these costly cyberattacks,” Yeo adds.

The Kimsuky APT group, which has most likely been operating since 2012, is employing spearphishing to attack its victim. A very agile and versatile APT group, this threat has a strong motivation for financial profit. It initially targeted think-tanks in South Korea, particularly for cyberespionage.

Advertisement. Scroll to continue reading.
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

The global digital wellbeing study shows that the Philippines climbed by 18 places since last year and surpassed Indonesia.

HEADLINES

The 3rd Online Policy Forum presented by Kaspersky zeroes in on the region’s cyber resources, expertise gap amidst rapid digitalization.

HEADLINES

From January to June 2021, a total of 4,877,645 attempted attacks against users of Kaspersky solutions in the country with Microsoft’s RDP installed in...

HEADLINES

During the pandemic, work satisfaction and engagement among employees became more crucial than ever before, especially for small businesses affected hard. A strong team...

SOFTWARE

MicroWorld's latest offering aims to reinvent cybersecurity in the face of an ever-evolving threat landscape, especially in light of the ongoing pandemic. The cyber...

HEADLINES

When you compare the immense financial losses that a breached company suffers with the much smaller-scale financial transactions taking place on these criminal forums,...

HEADLINES

The vast majority (70%) of all IT teams said the number of phishing emails hitting their employees increased during 2020. This rose to 82%...

Biz Solutions

Kaspersky Cybersecurity On a Budget provides a set of short but actionable recommendations relevant for any company, as well as specific, but still easy-to-follow...

Advertisement