F-Secure: Cybercrime groups and other APTs are copying North Korea-linked hackers' TTPs to launch cyber attacks on the banking/financial sector

Other cybercrime groups are copying APTs linked to North Korea to launch cyber attacks against the banking/finance sector, F-Secure cyber security experts have found. According to a report, while North Korea is a unique case of a nation-state conducting financially motivated attacks – many of which have been against the banking sector – the techniques used by the country's hacking units have also been adopted by organized crime groups, adding to their repertoire of ways to steal from banks. In addition, there has been a general shift in the popularity of certain offensive techniques, some of which reflect an increase in the sophistication of attacks. These changes include the rise of distractive attacks, targeted ransomware attacks, supply chain attacks and cryptojacking.

According to the cyber security experts, the more significant impact is that the various TTPs used by North Korea and other nation-states are trickling down to more attackers. SWIFT attacks, in which attackers steal a bank's SWIFT credentials to send fraudulent transfer requests, are one example. Payment switch application compromises (using malware to authorize illegitimate ATM withdrawals made by attackers) are another. Pyongyang hackers used both techniques, and both have spread to other adversaries. And while the reclusive country may be the only nation-state robbing banks, direct theft is only one reason to attack the finance sector. Data integrity/sabotage are also major motivations for attacks. Cyber criminals almost always do this to extort money (through ransomware or distributed denial-of-service attacks). State-sponsored actors tend to do this for geopolitical purposes. Examples include North Korean attacks against South Korea, or Russian attacks against Ukraine.

The F-Secure report also underlines that data theft is another powerful motivation for attacking the finance sector. Financial data is often highly sensitive, and useful for social engineering, blackmail, or other types of manipulation. All in all, nation-states and cyber criminals alike have many reasons to attack the finance industry. The sector has the money, data and influence to attract everyone from script kiddies to sophisticated state-sponsored adversaries. And generic threat trends like supply chain attacks affect the finance industry just as much as any other sector.

