This article was published on August 1, 2019

North Korean hacking groups and copycats are going after financial institutions


North Korean hacking groups and copycats are going after financial institutions

State-sponsored and criminal actors are mounting a wide array of cyber attacks against the global finance industry with an aim to steal data and sabotage trading systems, according to new research.

The report, published by Finnish cybersecurity firm F-Secure, detailed the increasing sophistication of these financially-motivated cyber attacks.

With financial institutions becoming a lucrative target because of their socio-economic importance, the attackers are exploiting the threat landscape to commit identify fraud, engage in insider trading, and inflict reputational damage that can run into millions of dollars.

“While North Korea is a unique case of a nation-state conducting financially-motivated attacks — many of which have been against the banking sector — the techniques used by the country’s hacking units have also been adopted by organized crime groups, adding to their repertoire of ways in which to steal from banks,” the report cautioned.

The cyber threat landscape

F-Secure broadly categorizes the threats into three: data theft, data sabotage, and direct financial theft. Financial information, like medical data, is very sensitive, and can come useful for attackers to blackmail victims and perpetrate a variety of social engineering attacks.

The report, in particular, noted how organized criminal groups inspired by North Korea have compromised banks’ SWIFT international payments systems — a technique employed by state-sponsored Lazarus Group (APT38) to steal almost $1 billion from Bangladesh Bank back in 2016.

Credit: F-Secure
Publicly known countries targeted by financially-motivated attacks from North Korea

Furthermore, the sector risks being exposed to a new wave of attacks, including the use of distractive malware, supply chain compromises and targeted ransomware, that go far beyond traditional theft.

By employing ransomware or distributed denial-of-service (DDoS) attacks as a diversionary tactic to break into the victim’s network infrastructure, and covertly abusing their computer systems to mine cryptocurrency (aka cryptojacking), the evolving capabilities of cyber criminals have resulted in sophisticated tactics, techniques, and procedures (TTPs) “trickling down” to other attackers.

The report also observes that the re-weaponization of exploits have enabled the threat actors to offer “cybercrime-as-a-service” on dark web.

The need for better security

A newly released research by IBM Security last week found that the average financial impact of a data breach costs businesses up to $3.92 million on average. Just a couple of days ago, US banking services firm Capital One disclosed a data breach affecting 106 million people across North America.

Researchers from Crowdstrike, likewise, warned nation-state hacking groups are increasingly targeting mobile devices in an effort to conduct espionage, intelligence gathering and sabotage of selected targets.

Whether be it by plugging data leaks or having robust security measures in place, the need for businesses to get better at detecting and defending against these attacks in order to protect its customers cannot be overstated enough.

“All in all, nation-states and cyber criminals alike have many reasons to attack the finance industry,” the researchers said. “Understanding the cyber threats relevant to specific companies and industries is an important nut to crack as it can significantly boost the efficiency of many aspects of security, from high-level exercises such as risk analysis and management, down to the implementation of new technologies and procedures.”

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with