The other lucrative target for cybercriminals is the emerging cryptocurrency business in SEA. As the value of cryptocurrency surges, many cyber threat groups are now waging online attacks against this sector.
A Kaspersky researcher recently identified that one of the cryptocurrency exchanges in the region had been compromised. A thorough forensic investigation confirmed that the Lazarus group was behind this attack, which was detected in Singapore.
Another cryptocurrency-related threat is the SnatchCrypto campaign, conducted by the BlueNoroff APT. This gang is a subgroup of Lazarus that particularly targets banks, and it has also been allegedly associated with the $81M Bangladesh Bank heist.
Kaspersky has been tracking SnatchCrypto since the end of 2019 and has discovered that the actor behind the campaign has resumed operations with a similar strategy.
In terms of the factors behind the increased threats against the sector, Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky comments, “Cryptocurrency is steadily being embraced in SEA, hence it is a natural progression for cybercriminals to set their eyes here. Its growth is part and parcel of the region’s digital transformation, and is parallel to the increased adoption of e-commerce and digital payments.”
“As we continue to move our money to the online world, we have also witnessed massive data breaches and ransomware attacks last year which should serve as a warning for financial institutions and payment service providers. It is crucial for banking and financial services providers to realise, as early as now, the value of intelligence-based, proactive defense to fend off these costly cyberattacks,” Yeo adds.
The last cybercrime group discussed by Park is the Kimsuky APT. Kaspersky first reported on Kimsuky in 2013, and the group has since evolved in terms of tactics, techniques, and victimology. It initially targeted South Korean think tanks for cyberespionage; however, recent telemetry shows that this versatile and agile group now has a strong financial motivation.
“We have been monitoring Kimsuky’s strong presence in South Korea. Our research showed they are using two infiltration techniques – attacks via spearphishing and attacks against supply chain. Either way, they target cryptocurrency investors to exfiltrate data and for remote access. With the group showing strong financial motivation, it is highly possible that their attacks can go beyond South Korea, particularly towards its neighbouring regions like Southeast Asia,” explains Park.
To improve banks’ and financial organisations’ cyber defences, experts at Kaspersky suggest the following:
- Integrate Threat Intelligence into your SIEM and security controls in order to access the most relevant and up-to-date threat data.
- Conduct regular security training sessions for staff, ideally personalised ones like Kaspersky Adaptive Online Training (KAOT), which uses a cognitive-driven approach that takes into account the abilities and needs of each learner.
- Use traffic monitoring software, such as Kaspersky Anti Targeted Attack Platform (KATA).
- Install the latest updates and patches for all of the software you use.
- Forbid the installation of programs from unknown sources.
- Perform regular security audits of the organisation’s IT infrastructure.
- For endpoint level detection, investigation and timely remediation of incidents, implement EDR solutions such as Kaspersky Endpoint Detection and Response which can catch even unknown banking malware.
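The first recommendation above, feeding threat intelligence into a SIEM so that it can be matched against live telemetry, is what the following added example illustrates in miniature. This is not code from the article or from Kaspersky: it builds an index from a small indicator feed (domains, IPs, CIDR ranges and SHA-256 hashes) and runs a handful of DNS, connection and file events through it. The indicator values, the key=value log format and the log lines themselves are all constructed for the example and refer to no real infrastructure or samples.

```python
"""Added example (not from the article or Kaspersky): matching a threat-intelligence
IOC feed against SIEM-style events. All indicators and log lines are constructed."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed IOC feed in the shape a TI provider's CSV/STIX export is often
# flattened to: indicator type, value, and the tags that give an alert context.
IOC_FEED = [
    {"type": "domain", "value": "Update-Wallet-Service.example.", "tags": ["campaign-a", "phishing"]},
    {"type": "ipv4",   "value": "203.0.113.45",                  "tags": ["campaign-a", "c2"]},
    {"type": "sha256", "value": "7F" * 32,                        "tags": ["campaign-a", "downloader"]},
    {"type": "cidr",   "value": "198.51.100.0/24",                "tags": ["bulletproof-hosting"]},
]

# Constructed events: DNS, network connection and file-hash telemetry as key=value lines.
SAMPLE_LOGS = [
    "2024-03-01T09:12:31Z src=10.0.0.12 event=dns query=mail.update-wallet-service.example",
    "2024-03-01T09:12:35Z src=10.0.0.12 event=conn dst=203.0.113.45 dport=443",
    "2024-03-01T09:13:02Z src=10.0.0.12 event=file sha256=" + "7f" * 32,
    "2024-03-01T09:15:00Z src=10.0.0.20 event=conn dst=198.51.100.77 dport=8080",
    "2024-03-01T09:16:00Z src=10.0.0.21 event=dns query=intranet.corp.example",
    "2024-03-01T09:16:10Z src=10.0.0.21 event=conn dst=10.0.0.5 dport=445",
]


@dataclass(frozen=True)
class Alert:
    time: str
    src: str
    indicator: str   # the IOC (or CIDR) that matched, in normalised form
    tags: tuple
    raw: str


class IocIndex:
    """Normalises a feed once so each event is matched with dict lookups."""

    def __init__(self, feed):
        self.domains, self.ips, self.hashes, self.networks = {}, {}, {}, []
        for ioc in feed:
            kind, value, tags = ioc["type"], ioc["value"], tuple(ioc["tags"])
            if kind == "domain":
                self.domains[value.lower().rstrip(".")] = tags   # case and trailing dot
            elif kind == "ipv4":
                self.ips[str(ipaddress.ip_address(value))] = tags
            elif kind == "sha256":
                self.hashes[value.lower()] = tags
            elif kind == "cidr":
                self.networks.append((ipaddress.ip_network(value, strict=False), tags))
            else:
                raise ValueError(f"unsupported IOC type {kind!r}")

    def lookup_domain(self, name):
        # Walk up the parent domains so sub.ioc.example matches an IOC for ioc.example;
        # the bare TLD is deliberately never tried.
        labels = name.lower().rstrip(".").split(".")
        for i in range(len(labels) - 1):
            candidate = ".".join(labels[i:])
            if candidate in self.domains:
                return candidate, self.domains[candidate]
        return None

    def lookup_ip(self, addr):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return None          # malformed field: no match rather than an exception
        if str(ip) in self.ips:
            return str(ip), self.ips[str(ip)]
        for net, tags in self.networks:
            if ip in net:
                return str(net), tags
        return None

    def lookup_hash(self, digest):
        digest = digest.lower()
        return (digest, self.hashes[digest]) if digest in self.hashes else None


KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    ts, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["time"] = ts
    return fields


def scan(lines, index):
    """Return one Alert per event whose domain, destination IP or file hash is in the feed."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        hit = None
        if ev.get("event") == "dns" and "query" in ev:
            hit = index.lookup_domain(ev["query"])
        elif ev.get("event") == "conn" and "dst" in ev:
            hit = index.lookup_ip(ev["dst"])
        elif ev.get("event") == "file" and "sha256" in ev:
            hit = index.lookup_hash(ev["sha256"])
        if hit:
            indicator, tags = hit
            alerts.append(Alert(ev["time"], ev.get("src", "?"), indicator, tags, line))
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOGS, IocIndex(IOC_FEED)):
        print(f"{a.time} {a.src} matched {a.indicator} tags={','.join(a.tags)}")
```

Two details matter in practice and are handled above: indicators are normalised before indexing (case, trailing dots, CIDR parsing) so feed formatting does not cause silent misses, and a DNS query matches an IOC for any of its parent domains, which is how a phishing subdomain is caught when the feed lists only the registered domain. In a real SIEM the feed would be refreshed on a schedule and the lookups expressed as the platform's enrichment or correlation rules, but the matching logic is the same.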