Global cybersecurity company Kaspersky revealed, at a virtual media conference, the latest cyber threats that the banking and financial services industry should be aware of as the pandemic continues in Southeast Asia (SEA).
Kaspersky cybersecurity experts noted the main trends seen in cyberspace last year, which will continue in 2021. These include abuse of the Covid-19 theme, exploitation of pandemic-related research, and fraud and misinformation regarding viruses and vaccines.
“It is increasingly clear that the perpetrators of this threat will continue to use topics related to the pandemic to deceive the human mind. While vaccines have been and are ongoing, the situation remains uncertain. Countries are still under lockdown, virtual learning and remote work are still happening, and digital payments are on the rise. This means the IT infrastructure will remain stretched, further opening the door to threats targeting Windows and Internet-connected network devices as well as multi-platform attacks up to the supply chain, and beyond,” said Seongsu Park, Senior Security Researcher, GReAT, at Kaspersky.
In the past year, more than 80,000 Covid-related domain connections and malicious websites were detected by Kaspersky in Southeast Asia alone. Malaysia recorded the highest number, followed by Vietnam, the Philippines and Indonesia.
This trend is expected to continue into 2021 as the region continues to battle the pandemic and launch vaccines in different phases.
Cybercrime groups target banks, cryptocurrency exchanges in Southeast Asia
Banks remain attractive targets for cybercriminals. In fact, data from Kaspersky’s GReAT reveal that banks and financial institutions were the second and third most targeted sectors last year, globally.
One of the campaigns targeting banks in Southeast Asia involves the JSOutProx malware. Although this malware is not currently the most sophisticated type, Kaspersky experts note its continued attempts to infiltrate banks in the region.
The cybercriminals behind this malware use file names related to banking business and heavily obfuscated script files, an evasion tactic. These social engineering techniques prey on bank employees in particular as a way into institutional networks.
Park shared that, upon entering, “JSOutProx can load more plugins to perform malicious actions against its victims including remote access, data exfiltration, command and control server takeover (C2), and more.”
Another lucrative target for cybercriminals is the emerging cryptocurrency business in Southeast Asia. As the value of cryptocurrencies increases, many threat actor groups are now launching online attacks against the sector.
A Kaspersky researcher recently identified that one of the cryptocurrency exchanges in the region had been compromised. A thorough forensic investigation confirmed that the Lazarus group was behind the attacks detected in Singapore.
Another cryptocurrency-related threat is the SnatchCrypto campaign, run by the BlueNoroff APT. This group is a subgroup of Lazarus that specifically attacks banks. It is also suspected of being linked to the US$81 million theft from a Bangladesh bank.
Kaspersky has been tracking SnatchCrypto since late 2019 and has found that the actor behind this campaign has continued its operations with a similar strategy.
Regarding the factors behind the increasing threat to the sector, Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky, said that cryptocurrency continues to be embraced in the Southeast Asian region, and it is therefore a natural development for cybercriminals to target their actions here. Its growth is an integral part of digital transformation in the region and is in line with the increasing adoption of e-commerce and digital payments.
“As we continue to move our money online, we also witnessed massive data breaches and ransomware attacks last year that should serve as a warning to financial institutions and payment service providers. It is imperative for banks and financial service providers to realize, as early as possible, the value of proactive intelligence-based defense to fend off these costly cyber attacks,” said Yeo.
The last group of threat actors Park talked about was the Kimsuky APT. Kaspersky first reported on Kimsuky in 2013, and the group has since evolved in its tactics, techniques and victimology. It originally targeted think tanks in South Korea, especially for cyber espionage. However, recent telemetry has shown that this versatile and agile group now has very strong financial motives.
“We have been monitoring Kimsuky’s strong presence in South Korea. Our research shows that they employ two infiltration techniques, an attack via spearphishing, and an attack on the supply chain. After all, they are targeting cryptocurrency investors to extract data and to gain remote access. With a group that shows a strong financial motive, it is very possible that their attacks could extend beyond not only South Korea, but into neighboring regions such as Southeast Asia,” explained Park.