Global Banks Hit by Watering Hole Blitz

Over 100 organisations worldwide have been hit by a major new coordinated campaign using compromised websites to infect them with malware linked to the infamous Lazarus Group, according to Symantec.

The source of the attack appears to have been the website of the Polish financial regulator, which was compromised and used to redirect visitors to an exploit kit designed to download malware on only 150 specific IP addresses.

Those 104 target organisations are mainly banks, with a spattering of telecoms and some Internet firms located in 31 countries, the security giant claimed.

The campaign has been going since at least October last year, with Symantec blocking 14 attacks against computers in Mexico, 11 against computers in Uruguay, and two against computers in Poland.

Other affected countries apparently include the UK, Colombia, Brazil, Chile, Denmark and Venezuela.

“Analysis of the malware [Downloader.Ratankba] is still underway. Some code strings seen in the malware used shares commonalities with code from malware used by the threat group known as Lazarus,” Symantec explained in a blog post.

“Ratankba was observed contacting eye-watch[.]in for command and control (C&C) communications. Ratankba was then observed downloading a Hacktool. This Hacktool shows distinctive characteristics shared with malware previously associated with Lazarus.”

The Lazarus Group, which is believed to be North Korean in origin, has been pegged for several aggressive attacks on targets in the US and South Korea, most notably a major 2011 DDoS campaign against its near neighbour and the Backdoor.Destover-powered disk-wiping attack on Sony Pictures Entertainment three years later.

It was even linked to the massive $81m heist at the Bangladesh Bank and other attempts to steal money from banks using the global Swift transfer system.

Thus far there’s no evidence that those banks caught in the latest campaign have had any money stolen as a result.

Infosecurity:

 

« UK Under Attack By Russian & Chinese State Sponsored Hackers
Snowden Says Report Proves He’s Not A Spy »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

eScan AV

eScan AV

eScan develops Information Security solutions that provide protection against current and evolving cyber threats.

Teradata

Teradata

Teradata is a leading provider of enterprise big data analytics and services. Applications include Cyber Security Analytics.

Napatech

Napatech

Napatech develops and manufactures high speed network accelerators specifically designed for real-time network monitoring and analysis applications.

CONCERT

CONCERT

CONCERT is a Computer Emergency Response Team and cyber security information sharing network for companies, institutes and government in Korea.

DefCamp

DefCamp

DefCamp is the most important annual conference on Hacking & Information Security in Central Eastern Europe.

HoxHunt

HoxHunt

HoxHunt is an automated cyber training program that transforms the way your employees react and respond to the growing amount of phishing emails.

XTN Cognitive Security

XTN Cognitive Security

XTN is focused on the development of security, Fraud and Mobile Threat Prevention advanced behaviour-based solutions.

Armorblox

Armorblox

Armorblox stops targeted email attacks such as 0-day credential phishing, payroll fraud, vendor fraud, and other threats that get past legacy security controls.

Global Lifecycle Solutions EMEA (Global EMEA)

Global Lifecycle Solutions EMEA (Global EMEA)

Global EMEA provides full lifecycle services to corporate Clients covering procurement, configuration, support, maintenance and end-of-life asset management.

DigiSec360

DigiSec360

DigiSec360 is a technology firm focused on the human element of cybersecurity.

Industrial Defender

Industrial Defender

Committed to ICS Cybersecurity. Industrial Defender provides a fully automated solution to discover, track and report on assets across your ICS footprint.

Skudo

Skudo

Skudo is dedicated to creating innovative best-in-class solutions that protect data exchange with the highest level of security and privacy.

Nclose

Nclose

Nclose is a proudly South African cyber security specialist that has been securing leading enterprises and building our security portfolio since 2006.

Zeus Cloud

Zeus Cloud

Zeus Cloud provide clients with world-class web hosting services to businesses both big and small.

Ethnos Cyber

Ethnos Cyber

Ethnos Cyber is Africa’s leading cybersecurity and compliance management company. We provide Information Security, Risk Management, Cybersecurity and Compliance Management solutions to clients.

StepSecurity

StepSecurity

StepSecurity provides a comprehensive security platform for GitHub Actions.