North Korean APT group and an unnamed affiliate have had significant exposure. For the last two years, hackers from these groups have been attacking a wide range of cryptocurrency ecosystem companies, including cryptocurrency exchanges, play-to-earn cryptocurrency video games, cryptocurrency trading companies, individuals holding cryptocurrency, and even holders of non-fungible tokens (NFTs).
As late as April this year, North Korean hacking teams were running campaigns to distribute phishing lures and targeted baits. In one such campaign intercepted by Sectrio’s Threat Research team, the documents were planted on temporary sites hosted on the platforms of well-known hosting service providers. An email was then sent to lure the victim into opening these documents. Once opened, a malicious program would be triggered through remote injection, leading to the exfiltration of data without the victim’s knowledge. Lazarus used the same method to target many victims, including agencies and individuals linked to the South Korean government.
According to a UN report, North Korean hackers could have siphoned off as much as US$ 400 mn, and this money was deployed to fund the country’s missile development program.
However, with the crash in the value of cryptocurrencies, North Korea has now directed its APT teams to fan out and target banks directly to steal foreign currency. These hackers did this for a while in the last decade and even managed to hoodwink at least 2 banks in the Asia Pacific region (including the Central Bank of Bangladesh).
And now the bad news as the crypto market crashes
In the last 48 hours, Sectrio’s banking sector-focused honeypots have reported many anomalous activities across the globe. The number of phishing emails intercepted has also risen significantly in the same period. All this means that the hackers have already started targeting financial institutions and may scale up their operations in the days to come, which is certainly bad news for banks.
Going by past trends, we can expect phishing attacks to expand in sophistication and coverage in the days to come. Hackers could also use multi-malware loaders to deploy more malware and run more code to increase their chances of success. Banks need to be on their guard from now on and secure their infrastructure and processes to ensure these cyberattacks don’t succeed.
Sectrio is here to help the banking sector
When targeting banks, adversarial entities could begin by identifying and targeting diverse points of entry across the digital environment.
Using deception technology can help banks by leading cyber adversaries into a parallel alley, a secure and isolated environment where details such as assets of interest can be used by security teams to monitor their tactics, techniques, and procedures (TTPs). The decoy infrastructure will appear real to a hacker but will either not be running a live and active workload (honeypots) or will deploy decoy objects inside real workloads (honey tokens). Because no legitimate business process ever touches a decoy, any interaction with one is a high-confidence signal rather than noise.
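To make the honeypot/honey token distinction concrete, here is an added example (not Sectrio’s code, and not from the original post) of the detection logic a security team would run over authentication and connection logs. The log format, the decoy account names, the decoy host address and the sample log lines are all constructed for this example; the point is that a decoy account (honey token) or decoy host (honeypot) that nothing legitimate uses turns every touch into an alert, and grouping those alerts by source shows the analyst which machine is probing which decoys.

```python
import re
from dataclasses import dataclass

# Constructed decoy inventory (hypothetical values for this example).
# A decoy account is a honey token: no business process ever authenticates
# with it, so any attempt, successful or not, is a high-confidence alert.
DECOY_ACCOUNTS = {"svc_swift_backup", "treasury_ro"}
# A decoy host is a honeypot: it runs no live workload, so any connection
# to it is suspicious by definition.
DECOY_HOSTS = {"10.20.30.250"}

# Constructed log formats for this example, one line per event.
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$"
)
CONN_RE = re.compile(
    r"^(?P<ts>\S+) conn src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    kind: str    # "honeytoken" or "honeypot"
    decoy: str   # the decoy account or host that was touched
    src: str     # source address that touched it
    detail: str  # auth result or destination port, for the analyst


def detect_deception_hits(log_lines, decoy_accounts=DECOY_ACCOUNTS,
                          decoy_hosts=DECOY_HOSTS):
    """Return one Alert per log line that touches a decoy account or host.

    Lines that do not match either format, or that involve only real
    accounts and hosts, are ignored: the decoys themselves are the filter.
    """
    alerts = []
    for line in log_lines:
        line = line.strip()
        m = AUTH_RE.match(line)
        if m:
            if m["user"] in decoy_accounts:
                alerts.append(Alert(m["ts"], "honeytoken", m["user"],
                                    m["src"], f"auth {m['result']}"))
            continue
        m = CONN_RE.match(line)
        if m and m["dst"] in decoy_hosts:
            alerts.append(Alert(m["ts"], "honeypot", m["dst"],
                                m["src"], f"dport {m['dport']}"))
    return alerts


def summarize_sources(alerts):
    """Group decoys touched by source address, the first step toward TTPs."""
    by_src = {}
    for a in alerts:
        by_src.setdefault(a.src, set()).add(a.decoy)
    return by_src


# Constructed sample log: one workstation behaves normally, another tries a
# decoy account, scans the decoy host, then logs in with a second decoy.
SAMPLE_LOG = """\
2023-06-14T09:00:01Z auth ok user=jsmith src=10.1.4.22
2023-06-14T09:00:07Z auth fail user=treasury_ro src=10.1.9.77
2023-06-14T09:00:09Z conn src=10.1.9.77 dst=10.20.30.250 dport=445
2023-06-14T09:00:12Z auth ok user=svc_swift_backup src=10.1.9.77
2023-06-14T09:00:15Z conn src=10.1.4.22 dst=10.20.30.10 dport=443
""".splitlines()


if __name__ == "__main__":
    hits = detect_deception_hits(SAMPLE_LOG)
    for h in hits:
        print(f"{h.ts} [{h.kind}] decoy={h.decoy} src={h.src} {h.detail}")
    print(summarize_sources(hits))
```

Run as a script it prints three alerts, all from 10.1.9.77, and a summary mapping that source to the three decoys it touched; the normal workstation at 10.1.4.22 never appears. In a real deployment the decoy inventory would come from the deception platform and the log lines from the SIEM, but the rule stays the same: the decoy list is the allow-nothing filter.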
At Sectrio, we work to reduce breaches and discover and prevent cyberattacks early with our solutions.
Sectrio’s deception technology incorporates proven detection and engagement logic, enabling security teams to stay well ahead of attackers and know what they are up to. By presenting itself as systems or services an attacker is interested in but that are not used in any business process, Sectrio’s Decoy and Deception solution can alert security teams at the start of a compromising activity without impacting the core digital assets, networks, and data.
Benefits of Sectrio Decoy and Deception
- Works at three levels, viz. perimeter, network, and endpoints, to ensure attacks are deflected
- The attacker wastes time on the decoy while you get to study them and their work securely
- Increases the cost for the attacker while reducing that for the defender
- The TTPs identified can be used to plug security gaps and improve the overall security posture
- Decoys can be customized to make the lures more appealing and realistic for protection against targeted attacks
Proof of value: a top-3 bank in the APAC region is using our solution to secure its infrastructure against sophisticated cyberattacks, cybercrime, and suspicious insider activity.
Talk to us to set up a free demo and for a comprehensive threat and security posture assessment of your infrastructure.
Talk to us to understand how our IoT and OT security solutions can improve your risk management and security posture.
Try our threat intelligence feeds for free for 15 days to see what your threat hunting program is missing here: Sign up for FREE threat intelligence feeds
Learn more about our threat assessment methodology here: OT and IoT Threat Assessment
Book a demo now to see our IT, OT and IoT security solution in action: Request a Demo
Try our threat intelligence feeds for free for the next two weeks.