Anchored in the $81-million Bangladesh Bank cyber heist, cybersecurity solutions firm Kaspersky laid out the persistent threats that continue to hound the financial sector in a virtual media presser. Banks and financial technology companies recorded a spike in digital transactions amid the pandemic, and this opens the industry and its end-users to vulnerabilities.
Using a cloud-based messaging network for banks called SWIFT (Society for Worldwide Interbank Financial Telecommunication), security hackers sent 35 bogus instructions to illegally transfer $1 billion from the Federal Reserve Bank of New York account belonging to Bangladesh Bank. Some of the money found its way to the Philippines’ Rizal Commercial Banking Corp.
The elaborate and well-thought-out scheme, which exploited bank and official holidays in the countries involved, illustrates the need for financial institutions to have a formidable security posture not only in terms of tools but also of employee education.
According to Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky, humans could be the weakest link when it comes to organizations’ cybersecurity framework.
There may have been a handful of negligent workers who (inadvertently) helped hackers navigate Bangladesh Bank's computer system. Someone in charge may have left the password token that protects the SWIFT international transactions network at Bangladesh Bank.
“It is essential for banks and related institutions in Southeast Asia to understand how they can leverage threat intelligence to foil any sophisticated attempts against their systems,” Yeo said. “It is important that employees are well-equipped with knowledge regarding cyber threats to avoid becoming victims of phishing activities.”
Yeo also noted that Kaspersky detected over 40 million financial phishing attempts in the first half of 2020 alone. About 79.5% of consumers and 20.5% of enterprises were almost infected with banking malware on PCs in Southeast Asia from January to May 2020.
Seongsu Park, senior researcher of Kaspersky’s Global Research & Analysis Team (GReAT), said that a unit of Lazarus Group called BlueNoroff has been busy launching attacks in the past few years. The Lazarus Group targets banks, casinos, financial investment software developers, and cryptocurrency businesses. The malware attributed to this group has recently been found in 18 countries around the world.
“BlueNoroff has a strong capability to manipulate the system of financial institutions and can even tamper with legitimate transactions,” Park said.
Park noted that the group has launched attacks in Chile, Mexico, and Taiwan in the past years using the same codes in each incident. Aside from these sophisticated attacks, Park also said the group still resorts to the age-old manipulation of social engineering, supporting Yeo’s explanation of human weaknesses when it comes to security.
“They (BlueNoroff) just keep attacking banks around the world,” Park said. “And they also keep attacking automated teller machines (and not only banks’ networks and systems).”
Park said the group has set its eyes on cryptocurrency and POS (point of sale), which is used in credit and debit card transactions. He said suspicious ATM-related modules were found loaded in the machines.
Yeo reiterated that while $81 million is a significant amount, cyber attacks on financial institutions “go beyond monetary loss.” A data breach, a hack, or a bank heist could trample the organization’s reputation, resulting in loss of clients and transactions. That is on top of lawsuits, arrests, and destroyed lives.
“When deploying specialized software for money processing, follow recommendations and best security practices from your software vendor and security professionals,” Yeo said.
Park, for his part, said that financial organizations should “never let your guard down.” He emphasized that “notorious APT actors never give up. They keep evolving and adopting new technology to evade detection.”
The available cybersecurity solutions must complement employee awareness of the magnitude of the effects of negligence or ignorance.