Surge Of Attacks On Banking & Finance Using N Korean Tools

For over 200 year’s criminals have been stealing from banks and as methods change we now have phishing and cyber bank theft.  In fact, F-Secure’s Cyber has said in a recent Report that the threat landscape for the finance sector indicates that it might be getting worse, with the cyber-attack capabilities of nation-states spreading to more common cyber criminals

Cyber-attacks pioneered by groups linked with the North Korean government are now being deployed by other threat actors, security specialists at F-Secure have warned. The targeted are often companies and organisations in UK, US, Brazil, South Africa, Russia, Japan, India and elsewhere.

Criminals have various ways in which they can profit from stolen personal data, such as by extorting targeted organisations, selling the data on dark web markets, committing identity fraud, or accessing customer accounts and stealing funds. 

‘While North Korea is a unique case of a nation-state conducting financially-motivated attacks - many of which have been against the banking sector - the techniques used by the country's hacking units have also been adopted by organised crime groups, adding to their repertoire of ways in which to steal from banks.’

In particular, the report added, non-state attackers have been inspired by North Korea to target the banks' SWIFT international payments systems. This probably helped North Korea to steal almost a billion dollars from the Bangladesh Bank in 2016 using the Lazarus group

North Korea’s group Lazarus has made similar attacks on other large banks and N. Korea has links to organised crime around the world, including drug running and producing counterfeit currency.

"Attackers compromise a bank's SWIFT payment operators, steal their credentials, and subsequently send fraudulent transfer requests via the SWIFT messaging system.

"When confirmation messages of these transactions are sent back to the compromised back, the attacker's malware intercepts and deletes them, thus removing evidence that the transactions occurred. The illicitly transferred funds get withdrawn from the attackers' accounts by money mules, and the cash is then laundered," the report explained.

The report highlights how attackers are increasingly targeting the financial sector with a range of imaginative attacks in a bid to make big financial gains.

Other attacks on the financial sector include ‘payment switch application compromise': "When a customer goes to withdraw funds from an ATM, a request gets sent to the customer's bank.

"The payment switch application handles this request, conducts a number of checks, for example whether the customer has the required funds in their account, and sends a confirmation - or rejection - message.

"Attackers are compromising these payment switch applications, so that ATM requests made by the attackers' cards are intercepted by the malware. The malware then automatically authorises these requests, regardless of their legitimacy, and the ATM releases unlimited cash for the money mules."

It's not just banks that are being targeted, but financial institutions large and small, including insurance companies, asset managers and other organisations in the financial sector, or the supply chain of financial organisations.

"North Korea has been publicly implicated in financially-motivated attacks in over 30 countries within the last three years," said George Michael, a senior research analyst at F-Secure talking to Computing Magazine. He continued: "This is symbolic of a wider trend that we've seen in which there is an increasing overlap in the techniques used by state-sponsored groups and cyber criminals."

Michael added that simply throwing money at IT security isn't enough either. "We continue to see companies suffer from unsophisticated breaches despite having spent millions on security.

"Once you understand why various threat actors might target you, then you can more accurately measure your cyber risk, and implement appropriate mitigations."

Computing:           f-Secure Report:       f-Secure Blog:

You Might Also Read:

The Financial Services Industry Just Does Not Get It:

The New Sophistication Of Nation-State Hacking:

 

 

 

« Cyber Terrorism & Piracy
More About The Capital One Breach »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

SecurePay

SecurePay

SecurePay is Australia's premier payment gateway, with a range of secure online payment solutions for online retailers, SMEs and enterprise businesses.

Netresec

Netresec

Netresec is an independent software vendor with focus on the network security field. We specialize in software for network forensics and analysis of network traffic.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Tenzir

Tenzir

Tenzir's primary focus lies on network forensics: the systematic investigation of cyber attacks with big data analytics.

Crayonic

Crayonic

Crayonic digital identity technologies protect and guarantee the identity of people and things.

CoverWallet

CoverWallet

CoverWallet combines deep analytics, thoughtful design and state of the art technology to help small businesses with all their insurance needs including Cyber Liability.

Datacentrix

Datacentrix

Datacentrix provides end-to-end cybersecurity services for the operational technology (OT) and IT environments to monitor, assess and defend our customers' information assets.

UncommonX

UncommonX

UncommonX offers enterprise-class cybersecurity protection for mid-size organizations by combining adaptive threat and intelligence software with 24/7 industry experts.

Green Radar

Green Radar

Green Radar is a next generation cybersecurity company which combines technologies and services together to deliver Threat Detection for Emails and Deep Threat Analytics and Response.

Primus Institute of Technology

Primus Institute of Technology

At Primus Institute of Technology our mission is to inspire, support, and empower current and aspiring IT professionals through training and career development workshops.

Onyxia Cyber

Onyxia Cyber

Onyxia's unique dynamic cybersecurity platform identifies gaps and prioritizes recommendations for proactive cybersecurity strategy, performance, remediation and management.

Sequentur

Sequentur

Sequentur is an award-winning Managed IT Services company. We are SOC 2 certified and provide Managed IT Services and Cybersecurity services to businesses nationwide.

Ingenics Digital

Ingenics Digital

Ingenics Digital is a recognized initiator and leading service provider in the areas of software development and embedded systems.

Inveo Group

Inveo Group

Inveo group is the Italian leader for the management of privacy and data protection issues.

Neeve

Neeve

Neeve is an edge cloud platform transforming smart buildings and spaces, making them more secure, smarter, and more sustainable.

Cyber Husky

Cyber Husky

Cyber Husky is an agile technology company that specializes in cloud solutions, cybersecurity, and managed IT services.