Cyber espionage groups that were into data hacking are now attacking financial institutions in the Asia Pacific (APAC) region, a new Kaspersky Lab report said. The Kaspersky researchers discovered that cybercriminals operating in the region now aim for monetary gain as they infect banks in the APAC countries.
The Advanced Persistent Threat (APT) groups have successfully breached financial institutions in Malaysia, South Korea, Indonesia, Philippines, China (Hong Kong), Bangladesh and Vietnam.
“These groups who are initial data hungry are now going beyond traditional cyberespionage. They added money-stealing on their attack menu as they hunt for vulnerable banks in the Asia Pacific region,” said Yury Namestnikov, Head of Research Centre, Russia at Kaspersky Lab’s Global Research and Analysis Team (GReAT).
In 2017, Kaspersky Lab has been able to monitor active APT actors in the region, namely the infamous “Lazarus” group and “Cobaltgoblin” that use Carbanak-style attacks. Lazarus is the cyber gang believed to be behind massive breaches including the Sony Pictures hack in 2014 and the multi-million cyber robbery against the Central Bank of Bangladesh last year.
Carbanak made headlines in 2014 for the $1-billion bank heists in Russia, Ukraine, Germany and China, dubbed as “The Great Bank Robbery”. The group infiltrated their victims’ networks through spear phishing emails or infected Word documents exploiting known vulnerabilities.
The degree of sophistication in terms of tools and the skilled manpower of the hackers behind these groups suggest that some of them are state-sponsored actors.
“Actors are switching towards using legitimate software instead of deploying unique malicious programmes, which can allow them to perform the attack stealthily. In terms of monetisation, it could be attacks against ATM infrastructure, SWIFT servers or databases with transactions and debit/credit cards information,” Namestnikov added.
The exact monetary losses from financial institutions attacks in APAC are unconfirmed as of now but Kaspersky researchers said the discovery has helped foil breaches before financial firms could lose money. The global cybersecurity company suggests the use of a highly sophisticated solution that enables businesses to detect targeted attacks and other malicious actions through careful monitoring of network activity, web and email like the “Kaspersky Anti Targeted Attack Platform”.