Surge Of Attacks On Banking & Finance Using N Korean Tools

For over 200 year’s criminals have been stealing from banks and as methods change we now have phishing and cyber bank theft.  In fact, F-Secure’s Cyber has said in a recent Report that the threat landscape for the finance sector indicates that it might be getting worse, with the cyber-attack capabilities of nation-states spreading to more common cyber criminals

Cyber-attacks pioneered by groups linked with the North Korean government are now being deployed by other threat actors, security specialists at F-Secure have warned. The targeted are often companies and organisations in UK, US, Brazil, South Africa, Russia, Japan, India and elsewhere.

Criminals have various ways in which they can profit from stolen personal data, such as by extorting targeted organisations, selling the data on dark web markets, committing identity fraud, or accessing customer accounts and stealing funds. 

‘While North Korea is a unique case of a nation-state conducting financially-motivated attacks - many of which have been against the banking sector - the techniques used by the country's hacking units have also been adopted by organised crime groups, adding to their repertoire of ways in which to steal from banks.’

In particular, the report added, non-state attackers have been inspired by North Korea to target the banks' SWIFT international payments systems. This probably helped North Korea to steal almost a billion dollars from the Bangladesh Bank in 2016 using the Lazarus group

North Korea’s group Lazarus has made similar attacks on other large banks and N. Korea has links to organised crime around the world, including drug running and producing counterfeit currency.

"Attackers compromise a bank's SWIFT payment operators, steal their credentials, and subsequently send fraudulent transfer requests via the SWIFT messaging system.

"When confirmation messages of these transactions are sent back to the compromised back, the attacker's malware intercepts and deletes them, thus removing evidence that the transactions occurred. The illicitly transferred funds get withdrawn from the attackers' accounts by money mules, and the cash is then laundered," the report explained.

The report highlights how attackers are increasingly targeting the financial sector with a range of imaginative attacks in a bid to make big financial gains.

Other attacks on the financial sector include ‘payment switch application compromise': "When a customer goes to withdraw funds from an ATM, a request gets sent to the customer's bank.

"The payment switch application handles this request, conducts a number of checks, for example whether the customer has the required funds in their account, and sends a confirmation - or rejection - message.

"Attackers are compromising these payment switch applications, so that ATM requests made by the attackers' cards are intercepted by the malware. The malware then automatically authorises these requests, regardless of their legitimacy, and the ATM releases unlimited cash for the money mules."

It's not just banks that are being targeted, but financial institutions large and small, including insurance companies, asset managers and other organisations in the financial sector, or the supply chain of financial organisations.

"North Korea has been publicly implicated in financially-motivated attacks in over 30 countries within the last three years," said George Michael, a senior research analyst at F-Secure talking to Computing Magazine. He continued: "This is symbolic of a wider trend that we've seen in which there is an increasing overlap in the techniques used by state-sponsored groups and cyber criminals."

Michael added that simply throwing money at IT security isn't enough either. "We continue to see companies suffer from unsophisticated breaches despite having spent millions on security.

"Once you understand why various threat actors might target you, then you can more accurately measure your cyber risk, and implement appropriate mitigations."

Computing:           f-Secure Report:       f-Secure Blog:

You Might Also Read:

The Financial Services Industry Just Does Not Get It:

The New Sophistication Of Nation-State Hacking:

 

 

 

« Cyber Terrorism & Piracy
More About The Capital One Breach »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Professional Information Security Association (PISA)

Professional Information Security Association (PISA)

PISA is an independent and not-for-profit organization for information security professionals, with the primary objective of promoting information security awareness and best practice.

Intersec Worldwide

Intersec Worldwide

Intersec Worldwide is a boutique Information Security Firm specializing in PCI Compliance, Assessment, Remediation, Forensics, Data Breach Investigations, Incident Response and IT Managed Services.

SHIELD

SHIELD

SHIELD is an established end-to-end fraud management solution that blocks fraudulent activities such as account takeovers, fake accounts creation, fraudulent payments, loyalty fraud and more.

AiCULUS

AiCULUS

AiCULUS is a global technology company that specializes in API security and Risk Management products.

Pixm

Pixm

Pixm’s computer vision based approach offers a truly unique and effective means to protect organizations from web-based phishing attacks.

4Securitas

4Securitas

4Securitas is an innovative cyber security firm focused on protecting critical data at the core of every organisation.

Def-Logix

Def-Logix

Def-Logix was founded in 2008 to help solve cyber threats being experienced by government agencies of the United States.

Wing Security

Wing Security

Wing fosters a stronger security culture by engaging SaaS end-users and enabling easy communication with security teams.

Cygna Labs

Cygna Labs

Cygna Labs is a software developer and one of the top three global DDI (DNS, DHCP, and IP address management) vendors.

Anatomy IT

Anatomy IT

Anatomy IT empowers healthcare providers to deliver exceptional patient care with cutting-edge technology and cybersecurity solutions.

Royal United Services Institute (RUSI)

Royal United Services Institute (RUSI)

The Royal United Services Institute is an independent think tank engaged in cutting edge defence and security research. Areas of research include cyber security and resilience.

Trickest

Trickest

Trickest enables Enterprises, MSSPs, and Ethical Hackers to build automated offensive security workflows from prototype to production.

Secure Halo

Secure Halo

Secure Halo has been protecting the intellectual assets and sensitive information of the federal government and private sector for 20+ years, through our proactive approach to risk and cybersecurity.

Dapple Security

Dapple Security

Dapple Security is creating cutting edge technology utilizing responsible biometrics that protects people and privacy through a first-of-its-kind passwordless platform.

Strategic Security Solutions (S3)

Strategic Security Solutions (S3)

S3 is a leading provider of Cybersecurity consulting services for Identity and Access Governance (IAG), Zero Trust, and Enterprise Risk and Compliance.

Cyber Grant

Cyber Grant

Cyber Grant excel in designing cybersecurity solutions for data protection. Our approach and vision, centered on ease-of-use, establish us as a benchmark in the industry for safeguarding information.