Surge Of Attacks On Banking & Finance Using N Korean Tools

For over 200 years criminals have been stealing from banks, and as methods change we now have phishing and cyber bank theft. In fact, F-Secure has said in a recent report that the threat landscape for the finance sector might be getting worse, with the cyber-attack capabilities of nation-states spreading to more common cyber criminals.

Cyber-attacks pioneered by groups linked with the North Korean government are now being deployed by other threat actors, security specialists at F-Secure have warned. The targets are often companies and organisations in the UK, US, Brazil, South Africa, Russia, Japan, India and elsewhere.

Criminals have various ways in which they can profit from stolen personal data, such as by extorting targeted organisations, selling the data on dark web markets, committing identity fraud, or accessing customer accounts and stealing funds. 

‘While North Korea is a unique case of a nation-state conducting financially-motivated attacks - many of which have been against the banking sector - the techniques used by the country's hacking units have also been adopted by organised crime groups, adding to their repertoire of ways in which to steal from banks.’

In particular, the report added, non-state attackers have been inspired by North Korea to target the banks' SWIFT international payments systems. This probably helped North Korea to steal almost a billion dollars from the Bangladesh Bank in 2016 using the Lazarus group.

North Korea’s Lazarus group has made similar attacks on other large banks, and North Korea has links to organised crime around the world, including drug running and producing counterfeit currency.

"Attackers compromise a bank's SWIFT payment operators, steal their credentials, and subsequently send fraudulent transfer requests via the SWIFT messaging system.

"When confirmation messages of these transactions are sent back to the compromised bank, the attacker's malware intercepts and deletes them, thus removing evidence that the transactions occurred. The illicitly transferred funds get withdrawn from the attackers' accounts by money mules, and the cash is then laundered," the report explained.

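Because the confirmations are deleted on the compromised host itself, a defender has to reconcile against a record the malware cannot reach. The sketch below is an added example, not taken from the F-Secure report: it compares a correspondent statement obtained over an independent channel with the bank's approved-payment register and the confirmations present locally. All references, amounts and field names are constructed assumptions.

```python
from decimal import Decimal

# Constructed sample data; field names are assumptions for this example.
# 1) Payments approved in the back-office system (maker/checker register).
APPROVED = {
    "REF1001": Decimal("25000.00"),
    "REF1002": Decimal("410000.00"),
}
# 2) References of confirmation messages present on the SWIFT-connected host.
LOCAL_CONFIRMATIONS = {"REF1001"}
# 3) Correspondent statement fetched over a channel independent of that host.
STATEMENT = [
    {"ref": "REF1001", "amount": Decimal("25000.00")},
    {"ref": "REF1002", "amount": Decimal("410000.00")},
    {"ref": "REF9001", "amount": Decimal("20000000.00")},
    {"ref": "REF9002", "amount": Decimal("30000000.00")},
]

def reconcile(approved, local_confirmations, statement):
    """Return {reference: [reasons]} for each statement entry failing a check."""
    findings = {}
    for entry in statement:
        ref, amount = entry["ref"], entry["amount"]
        reasons = []
        if ref not in approved:
            # Money left the account but nobody approved this payment.
            reasons.append("debit with no approved payment")
        elif approved[ref] != amount:
            reasons.append("amount differs from approved payment")
        if ref not in local_confirmations:
            # The counterparty processed it, yet no confirmation exists locally:
            # consistent with confirmations being intercepted and deleted.
            reasons.append("confirmation missing on local host")
        if reasons:
            findings[ref] = reasons
    return findings

if __name__ == "__main__":
    results = reconcile(APPROVED, LOCAL_CONFIRMATIONS, STATEMENT)
    for ref, reasons in results.items():
        print(ref, "->", "; ".join(reasons))
```

A reference that fails both checks (unapproved and unconfirmed) is the pattern the report describes and warrants immediate escalation rather than routine follow-up.
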
The report highlights how attackers are increasingly targeting the financial sector with a range of imaginative attacks in a bid to make big financial gains.

Other attacks on the financial sector include ‘payment switch application compromise’: "When a customer goes to withdraw funds from an ATM, a request gets sent to the customer's bank.

"The payment switch application handles this request, conducts a number of checks, for example whether the customer has the required funds in their account, and sends a confirmation - or rejection - message.

"Attackers are compromising these payment switch applications, so that ATM requests made by the attackers' cards are intercepted by the malware. The malware then automatically authorises these requests, regardless of their legitimacy, and the ATM releases unlimited cash for the money mules."

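A compromised switch cannot be trusted to report its own approvals, so the check has to join records from either side of it. The following added example (not from the report) audits an ATM dispense journal against debits posted in core banking and totals cash per card; the record layout, card labels and the daily limit are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample records; field names are assumptions for this example.
# ATM dispense journal: cash actually released, as recorded at the ATM.
ATM_JOURNAL = [
    {"txn": "T1", "card": "CARD-A", "amount": Decimal("200")},
    {"txn": "T2", "card": "CARD-X", "amount": Decimal("2000")},
    {"txn": "T3", "card": "CARD-X", "amount": Decimal("2000")},
    {"txn": "T4", "card": "CARD-B", "amount": Decimal("100")},
]
# Core-banking ledger: debits the issuer actually posted, keyed by txn id.
CORE_DEBITS = {"T1": Decimal("200"), "T4": Decimal("60")}
DAILY_LIMIT = Decimal("500")  # assumed per-card daily cash limit

def audit_dispenses(journal, core_debits, daily_limit):
    """Flag dispenses with no equal core debit and cards over the daily limit."""
    unbacked = []                    # cash released without a matching debit
    per_card = defaultdict(Decimal)  # Decimal() starts each total at 0
    for rec in journal:
        per_card[rec["card"]] += rec["amount"]
        # An approval generated inside the switch never reaches core banking,
        # so the debit is either absent or posted for a different amount.
        if core_debits.get(rec["txn"]) != rec["amount"]:
            unbacked.append(rec["txn"])
    over_limit = sorted(
        card for card, total in per_card.items() if total > daily_limit
    )
    return {"unbacked": unbacked, "over_limit": over_limit}

if __name__ == "__main__":
    report = audit_dispenses(ATM_JOURNAL, CORE_DEBITS, DAILY_LIMIT)
    print("Dispenses without matching core debit:", report["unbacked"])
    print("Cards over daily limit:", report["over_limit"])
```
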
It's not just banks that are being targeted, but financial institutions large and small, including insurance companies, asset managers and other organisations in the financial sector, or the supply chain of financial organisations.

"North Korea has been publicly implicated in financially-motivated attacks in over 30 countries within the last three years," said George Michael, a senior research analyst at F-Secure talking to Computing Magazine. He continued: "This is symbolic of a wider trend that we've seen in which there is an increasing overlap in the techniques used by state-sponsored groups and cyber criminals."

Michael added that simply throwing money at IT security isn't enough either. "We continue to see companies suffer from unsophisticated breaches despite having spent millions on security.

"Once you understand why various threat actors might target you, then you can more accurately measure your cyber risk, and implement appropriate mitigations."

Sources: Computing, F-Secure Report, F-Secure Blog
