In a virtual media conference, global cybersecurity company Kaspersky unmasked the latest cyber threats the banking and financial services industry should be on guard against, as the pandemic continues in Southeast Asia (SEA).
Kaspersky’s cybersecurity expert noted the main trends that were witnessed in cyberspace last year and will continue in 2021. These include the abuse of the COVID-19 theme, the exploitation of research related to the pandemic, and scams and misinformation about the virus and the vaccines.
As of last year, more than 80,000 COVID-related domain connections and malicious websites were detected by Kaspersky in SEA alone. Malaysia registered the highest number, followed by Vietnam, the Philippines, and Indonesia.
This trend is expected to continue until 2021 as the region continues its battle against the pandemic and rolls out vaccines in different phases.
Cybercrime Groups Targeting Banks, Cryptocurrency Exchanges in Southeast Asia
Banks remain attractive targets for cyber adversaries. Data from Kaspersky’s GReAT revealed banks and financial institutions were the second and third most targeted sectors last year, globally.
One of the campaigns singling out banks in SEA involves the JsOutProx malware. Even though this malware is currently not a highly sophisticated strain, Kaspersky experts noted its continued attempts to infiltrate banks in the region.
The cybercriminals behind this modular malware exploit file names associated with bank-related businesses and use heavily obfuscated script files and anti-evasion tactics. This social engineering technique particularly preys on bank employees to get inside the institution’s network.
The other lucrative target for cybercriminals is the emerging cryptocurrency business in SEA. As the value of cryptocurrency surges, many cyber threat groups are now waging online attacks against this sector.
A Kaspersky researcher recently identified that one of the cryptocurrency exchanges in the region was compromised. As a result of a thorough forensic investigation, it was confirmed that the Lazarus group was behind this attack detected in Singapore.
Another cryptocurrency-related threat is the SnatchCrypto campaign, which was being conducted by the BlueNoroff APT. This gang is a subgroup of Lazarus which particularly attacks banks. It was also allegedly associated with the $81M Bangladesh Bank Heist.
Kaspersky has been tracking SnatchCrypto since the end of 2019 and discovered that the actor behind this campaign has resumed its operations with a similar strategy.
The last cybercrime group discussed by Park is the Kimsuky APT. Kaspersky first reported on Kimsuky in 2013, and it has since evolved in terms of tactics, techniques, and victimology. It initially targeted think-tanks in South Korea, particularly for cyberespionage. However, recent telemetry showed that the versatile and agile group now has strong financial motivation.
To improve banks’ and financial organisations’ cyber defences, Kaspersky experts suggest the following:
- Integrate Threat Intelligence into SIEM and security controls in order to access the most relevant and up-to-date threat data
- Conduct regular security training sessions for staff, taking into account the abilities and needs of each and every learner
- Use traffic monitoring software
- Install the latest updates and patches for all of the software you use
- Forbid the installation of programs from unknown sources
- Perform regular security audits of the organization’s IT infrastructure
- Implement EDR solutions for endpoint-level detection, investigation and timely remediation of incidents