Cybercriminals are deploying Covid-19 “themes” to launch cyberattacks on banks and cryptocurrency exchanges in the Southeast Asian region, cybersecurity firm Kaspersky reported.
In a virtual press conference, executives from Kaspersky noted that “the main trends witnessed in the cyberspace last year will continue in 2021” in terms of cybersecurity and threats.
These include the abuse of Covid-19 themes, the exploitation of research related to the pandemic, and scams and misinformation about the virus and the vaccines, Kaspersky said.
Seongsu Park, senior security researcher at Kaspersky’s Global Research and Analysis Team, said that threat actors will continue to attack Windows and Linux systems, intelligent devices, and mobile phones, among others.
Park, who is directly involved in researching emerging threats, noted that Covid-19 and social engineering will become weapons for cyber threat actors to target financial institutions.
“It is becoming clear that these threat actors will keep on using topics related with the pandemic to trick the human mind. While vaccines are here, the situation continues to be uncertain. Countries are still implementing lockdowns, virtual learning and working are both here to stay, and digital payments are on the rise. This means IT infrastructure remains outstretched, further opening loopholes for threats targeting beyond Windows and internet-facing network devices as well as multi-platform and supply chain attacks,” Park said.
Kaspersky said that, as of 2020, it had detected more than 80,000 Covid-related domain connections and malicious websites in SEA alone. Malaysia registered the highest number, followed by Vietnam, the Philippines, and Indonesia.
This trend is expected to continue until 2021 as the region continues its battle against the pandemic and rolls out vaccines in different phases.
The cybersecurity firm said banks remain “charming” targets for cyber adversaries. In fact, data from Kaspersky revealed that banks and financial institutions were the second- and third-most targeted sectors last year, globally.
Kaspersky revealed that one of the campaigns singling out banks in the Southeast Asian region is the “JsOutProx” malware. Even though this malware is currently not a highly sophisticated strain, Kaspersky experts noted its continued attempts to infiltrate banks in the region.
The cybercriminals behind this modular malware exploit file names associated with bank-related businesses and use heavily obfuscated script files, an evasion tactic, Kaspersky warned. This social engineering technique particularly preys on bank employees to get inside the institution’s network.
Once in, Park said that “JSOutProx can load more plugins to perform malicious acts against its victims including remote access, data exfiltration, command and control server takeover, and more.”
Kaspersky added that the other lucrative target for cybercriminals is the emerging cryptocurrency industry in the region. As the value of cryptocurrency surges, many cyber threat groups are now waging online attacks against this sector.
Kaspersky recently revealed that one of the cryptocurrency exchanges in the region was compromised. As a result of a thorough forensic investigation, it was confirmed that the Lazarus group was behind this attack detected in Singapore.
Another cryptocurrency-related threat is the SnatchCrypto campaign, which was being conducted by the BlueNoroff APT. This gang is a subgroup of Lazarus that particularly attacks banks. It was also allegedly associated with the infamous $81-million Bangladesh Bank heist.
Kaspersky has been tracking SnatchCrypto since the end of 2019 and discovered that the actor behind this campaign has resumed its operations with a similar strategy, the company said.
Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky, said “cryptocurrency is steadily being embraced in SEA, hence it is a natural progression for cybercriminals to set their eyes here. Its growth is part and parcel of the region’s digital transformation, and is parallel to the increased adoption of e-commerce and digital payments.”
The executive noted that “as we continue to move our money to the online world, we have also witnessed massive data breaches and ransomware attacks last year which should serve as a warning for financial institutions and payment service providers. It is crucial for banking and financial services providers to realize, as early as now, the value of intelligence-based, proactive defense to fend off these costly cyberattacks.”
For the Philippines, Kaspersky is advising financial institutions not to “let their guards down” and to continue to focus their efforts on establishing a security operations center. The company also advised local firms to “seek help” on top of having a basic level of defense.
The Philippines should also brace for ransomware, which, according to Kaspersky, will be the top threat to watch out for in 2021.