As the pandemic has restricted movement around the world, people have become reliant on the internet for work and virtual learning, among other things. The pandemic has also accelerated the shift to digital payments, and this shift brings increased cyber risk. Cybercriminals took advantage of the COVID-19 pandemic for financial gain.
In a virtual media conference, global cybersecurity company Kaspersky unmasked the latest cyberthreats the banking and financial services industry should be on guard against, as the pandemic continues in Southeast Asia (SEA).
Kaspersky’s cybersecurity expert noted the main trends witnessed in cyberspace last year, which will continue in 2021. These include the abuse of the COVID-19 theme, the exploitation of research related to the pandemic, and scams and misinformation about the virus and the vaccines.
As of last year, more than 80,000 COVID-related domain connections and malicious websites were detected by Kaspersky in SEA alone. Malaysia registered the highest number followed by Vietnam, the Philippines, and Indonesia.
Kaspersky predicts that this trend will continue until 2021 as the region continues its battle against the pandemic and rolls out vaccines in different phases.
“It is becoming clear that these threat actors will keep on using topics related to the pandemic to trick the human mind. While vaccines are here, the situation continues to be uncertain,” said Kaspersky’s Senior Security Researcher, Global Research and Analysis Team (GReAT) Park.
“Countries are still implementing lockdowns, virtual learning and working are both here to stay, and digital payments are on the rise.”
This means IT infrastructure remains stretched, further opening loopholes for threats targeting beyond Windows and internet-facing network devices, as well as for multi-platform and supply chain attacks, Park pointed out.
Cybercriminals targeting banks, cryptocurrency exchanges in SEA
Banks remain attractive targets for cyber adversaries. In fact, data from Kaspersky’s GReAT revealed banks and financial institutions were the second and third most targeted sectors last year, globally.
One of the campaigns singling out banks in Southeast Asia (SEA) involves the JSOutProx malware. Even though this malware is currently not a highly sophisticated strain, Kaspersky experts noted its continued attempts to infiltrate banks in the region.
The cybercriminals behind this modular malware exploit file names associated with bank-related businesses and use heavily obfuscated script files, a detection-evasion tactic. This social engineering technique particularly preys on bank employees to get inside the institution’s network.
Once in, Park shares that “JSOutProx can load more plugins to perform malicious acts against its victims including remote access, data exfiltration, command and control (C2) server takeover, and more.”
Meanwhile, the other lucrative target for cybercriminals is the emerging cryptocurrency business in SEA. As the worth of cryptocurrency surges, many cyber threat groups are now waging online attacks against this sector.
As cryptocurrency is steadily being embraced in SEA, it is a natural progression for cybercriminals to set their eyes here. Its growth is part and parcel of the region’s digital transformation, and is parallel to the increased adoption of e-commerce and digital payments.
“As we continue to move our money to the online world, we have also witnessed massive data breaches and ransomware attacks last year which should serve as a warning for financial institutions and payment service providers,” general manager for SEA at Kaspersky Yeo Siang Tiong commented.
To improve banks’ and financial organisations’ cyber defences, experts at Kaspersky suggest the following:
- Integrate Threat Intelligence into your SIEM and security controls in order to access the most relevant and up-to-date threat data
- Conduct regular security training sessions for staff, ideally a personalised one like Kaspersky Adaptive Online Training (KAOT) which uses a cognitive-driven approach, taking into account the abilities and needs of each and every learner
- Use traffic monitoring software – like Kaspersky Anti Targeted Attack Platform (KATA)
- Install the latest updates and patches for all of the software you use
- Forbid the installation of programs from unknown sources
- Perform regular security audits of the organization’s IT infrastructure
- For endpoint level detection, investigation and timely remediation of incidents, implement EDR solutions such as Kaspersky Endpoint Detection and Response which can catch even unknown banking malware. – March 17, 2021