Cybercriminals remain undeterred by the kind of security solutions firms have designed for banks and financial institutions (FIs). Cybersecurity solutions firm Kaspersky warns of a continuing trend from 2020, in which these two sectors are the second and third most targeted, following government institutions in first place.
Seongsu Park, senior security researcher, Global Research and Analysis Team (GReAT) at Kaspersky, warns of active APT (advanced persistent threat) groups targeting banks and FI.
In Kaspersky’s annual APT Landscape summary, banks and FIs are consistently among the top targeted sectors.
“As we continue to move our money to the online world, we have also witnessed massive data breaches and ransomware attacks last year which should serve as a warning for financial institutions and payment service providers. It is crucial for banking and financial services providers to realize, as early as now, the value of intelligence-based, proactive defense to fend off these costly cyberattacks,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.
Park highlighted the persistent use of the supply chain to launch attacks: as the pandemic continues, the remote work setup is becoming the norm, and people are glued to their mobile devices much longer than before. This allows cybercriminals to exploit this vulnerability, beginning with end users and then performing a much larger attack on networks and enterprises.
“IT infrastructure remains outstretched, further opening loopholes for threats targeting beyond Windows and internet-facing network devices as well as multi-platform and supply chain attacks,” Park said.
Aside from mentioning Carbanak APT, which somehow trained the spotlight on bank cyber heists, Kaspersky noted the JsOutProx malware, which was discovered by another vendor. JsOutProx malware has been targeting banks in Southeast Asia (SEA).
The modular malware, which Kaspersky said is “not a highly sophisticated strain,” continues to exploit victims by employing the age-old strategy of using bank-related terms. Unsuspecting users unwittingly deploy heavily obfuscated script files, infecting a whole system in the process.
“JSOutProx can load more plugins to perform malicious acts against its victims including remote access, data exfiltration, command and control (C2) server takeover, and more,” Park said.
COVID-19 vaccine, cryptocurrency
Cybercriminals continue to ride on the COVID-19 pandemic, covering all corners, including vaccine rollout and pandemic response. But since cryptocurrency has become a hot topic in the past few days, Kaspersky said it detected over 80,000 COVID-19-related domain connections and malicious websites in SEA. As the end of the pandemic is nowhere in sight in spite of the massive vaccine rollout, Kaspersky believes this trend will continue.
As cryptocurrency has enjoyed so much attention lately, Park warns of cryptocurrency-related threats that would be carried out by different groups, with special mention of the Lazarus group, which, according to Kaspersky, recently attacked the region.
“Cryptocurrency is steadily being embraced in SEA, hence it is a natural progression for cybercriminals to set their eyes here. Its growth is part and parcel of the region’s digital transformation, and is parallel to the increased adoption of e-commerce and digital payments,” Yeo said.