Phuket, Thailand – Multinational cybersecurity and anti-virus provider Kaspersky Lab has warned that cyber spy groups across Asia Pacific, including in the Philippines, are no longer “just after data” and that they are now moving towards using supply chain attacks and legitimate tools to attack financial institutions and other sectors.
From spying, stealing, and leaking state, military, and trade secrets, cybersecurity researchers at Kaspersky Lab discovered that cyber criminals operating in the region now aim for monetary gain as they infect banks in Asia Pacific countries.
To date, it said that active Advanced Persistent Threat (APT) groups have successfully breached financial institutions in Malaysia, South Korea, Indonesia, Philippines, China (Hong Kong), Bangladesh, and Vietnam.
“This year, we have monitored the tectonic shift in APT actors’ behavior. These groups who are initially data-hungry are now going beyond traditional cyberespionage,” Yury Namestnikov, head of research center at Kaspersky Lab’s Global Research and Analysis Team (GReAT) in Russia, said during the 3rd Asia Pacific (APAC) Cyber Security Summit here.
“They added money-stealing on their attack menu as they hunt for vulnerable banks in the Asia Pacific (APAC) region which they can infect mostly through the rising epidemic,” he added.
Just this year, Kaspersky Lab has been able to monitor active APT actors in the region, namely the infamous Lazarus group and Cobaltgoblin other groups that use Carbanak-style attacks.
Lazarus is the cyber gang believed to be behind massive breaches including the Sony Pictures hack in 2014 and the multi-million cyber robbery against the Central Bank of Bangladesh last year. They are known for hacking C&C servers of banks and governments as launchpads for their malicious campaigns.
Carbanak made headlines in 2014 for the $1-billion bank heists in Russia, Ukraine, Germany, and China dubbed as “The Great Bank Robbery”. The group infiltrated their victims’ networks through spear phishing emails or infected Word documents exploiting known vulnerabilities.
With remote and covert access to the system, they gained control of the banks’ ATMs or websites and collected a significant amount of money. The degree of sophistication in terms of tools and the skilled manpower of the hackers behind these groups suggest that some of them are state-sponsored actors.
“Actors are switching towards using legitimate software instead of deploying unique malicious programs, which can allows them to perform the attack stealthy. Also they penetrated networks by supply chain attacks: in last three months there were four huge incidents of these similar pattern,” Namestnikov said.
The Manila Bulletin | Published By Madelaine B. Miraflor