Surge Of Attacks On Banking & Finance Using N Korean Tools

For over 200 years, criminals have been stealing from banks, and as methods change we now have phishing and cyber bank theft. In fact, F-Secure’s Cyber has said in a recent Report that the threat landscape for the finance sector indicates that it might be getting worse, with the cyber-attack capabilities of nation-states spreading to more common cyber criminals.

Cyber-attacks pioneered by groups linked with the North Korean government are now being deployed by other threat actors, security specialists at F-Secure have warned. The targets are often companies and organisations in the UK, the US, Brazil, South Africa, Russia, Japan, India and elsewhere.

Criminals have various ways in which they can profit from stolen personal data, such as by extorting targeted organisations, selling the data on dark web markets, committing identity fraud, or accessing customer accounts and stealing funds. 

‘While North Korea is a unique case of a nation-state conducting financially-motivated attacks - many of which have been against the banking sector - the techniques used by the country's hacking units have also been adopted by organised crime groups, adding to their repertoire of ways in which to steal from banks.’

In particular, the report added, non-state attackers have been inspired by North Korea to target the banks' SWIFT international payments systems. This probably helped North Korea to steal almost a billion dollars from the Bangladesh Bank in 2016 using the Lazarus group.

North Korea’s Lazarus group has made similar attacks on other large banks, and North Korea has links to organised crime around the world, including drug running and producing counterfeit currency.

"Attackers compromise a bank's SWIFT payment operators, steal their credentials, and subsequently send fraudulent transfer requests via the SWIFT messaging system.

"When confirmation messages of these transactions are sent back to the compromised bank, the attacker's malware intercepts and deletes them, thus removing evidence that the transactions occurred. The illicitly transferred funds get withdrawn from the attackers' accounts by money mules, and the cash is then laundered," the report explained.
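A defensive reconciliation check for the confirmation-deletion step described above, as an added example that is not from the F-Secure report or the original article: because the malware removes confirmations on the compromised host, the check compares an independently obtained record of outgoing transfers with what the local system still holds. All record layouts, references, amounts and names are constructed for illustration.

```python
# Added example: record layout, references and amounts are constructed,
# not a real SWIFT message format.
from decimal import Decimal

# Record of transfers that actually left the bank, obtained from a source the
# compromised operator host cannot alter (assumed: correspondent statement).
OUT_OF_BAND = [
    {"ref": "TX1001", "amount": Decimal("25000.00")},
    {"ref": "TX1002", "amount": Decimal("910000.00")},
    {"ref": "TX1003", "amount": Decimal("4800000.00")},
]
# Confirmation messages still present on the local payment system.
LOCAL_CONFIRMATIONS = [
    {"ref": "TX1001", "amount": Decimal("25000.00")},
    {"ref": "TX1002", "amount": Decimal("9100.00")},
]
# References that passed the bank's internal approval workflow.
APPROVED_REFS = {"TX1001", "TX1002"}


def reconcile(out_of_band, local_confirmations, approved_refs):
    """Return [(ref, [reasons])] for transfers that need investigation."""
    confirmed = {c["ref"]: c["amount"] for c in local_confirmations}
    findings = []
    for tx in out_of_band:
        reasons = []
        if tx["ref"] not in confirmed:
            # No surviving confirmation matches the deletion behaviour.
            reasons.append("confirmation missing locally")
        elif confirmed[tx["ref"]] != tx["amount"]:
            reasons.append("amount differs from local confirmation")
        if tx["ref"] not in approved_refs:
            reasons.append("no internal approval on record")
        if reasons:
            findings.append((tx["ref"], reasons))
    return findings


if __name__ == "__main__":
    for ref, reasons in reconcile(OUT_OF_BAND, LOCAL_CONFIRMATIONS, APPROVED_REFS):
        print(ref, "->", "; ".join(reasons))
```

The check only has value if the out-of-band record and the approval list are held on systems the payment operators' workstations cannot write to.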

The report highlights how attackers are increasingly targeting the financial sector with a range of imaginative attacks in a bid to make big financial gains.

Other attacks on the financial sector include 'payment switch application compromise': "When a customer goes to withdraw funds from an ATM, a request gets sent to the customer's bank.

"The payment switch application handles this request, conducts a number of checks, for example whether the customer has the required funds in their account, and sends a confirmation - or rejection - message.

"Attackers are compromising these payment switch applications, so that ATM requests made by the attackers' cards are intercepted by the malware. The malware then automatically authorises these requests, regardless of their legitimacy, and the ATM releases unlimited cash for the money mules."

It's not just banks that are being targeted, but financial institutions large and small, including insurance companies, asset managers and other organisations in the financial sector, or the supply chain of financial organisations.

"North Korea has been publicly implicated in financially-motivated attacks in over 30 countries within the last three years," said George Michael, a senior research analyst at F-Secure, talking to Computing Magazine. He continued: "This is symbolic of a wider trend that we've seen in which there is an increasing overlap in the techniques used by state-sponsored groups and cyber criminals."

Michael added that simply throwing money at IT security isn't enough either. "We continue to see companies suffer from unsophisticated breaches despite having spent millions on security.

"Once you understand why various threat actors might target you, then you can more accurately measure your cyber risk, and implement appropriate mitigations."

Sources: Computing; F-Secure Report; F-Secure Blog
