‘Malaysia has highest number in Covid-related cyberthreats’


Source: Kaspersky

KUCHING: Malaysia registered the highest number of Covid-related domain connections and malicious websites in Southeast Asia (SEA) last year, and Kaspersky projects that this trend will continue into 2021.

As of last year, more than 80,000 Covid-related domain connections and malicious websites were detected by Kaspersky in SEA alone.

According to Kaspersky, Malaysia registered the highest number followed by Vietnam, the Philippines, and Indonesia.

This trend is expected to continue into 2021 as the region continues its battle against the pandemic and rolls out vaccines in phases.

In a virtual media conference, global cybersecurity company Kaspersky unmasked the latest cyberthreats that the banking and financial services industry should be on guard against as the pandemic continues in SEA.

Kaspersky’s cybersecurity expert noted the main trends witnessed in cyberspace last year, which the company expects to continue in 2021.

These include the abuse of Covid-19 themes, the exploitation of research related to the pandemic, and scams and misinformation about the virus and the vaccines.

“It is becoming clear that these threat actors will keep on using topics related to the pandemic to trick the human mind. While vaccines are here, the situation continues to be uncertain,” Kaspersky’s Global Research and Analysis Team (GReAT) senior security researcher Park revealed.

“Countries are still implementing lockdowns, virtual learning and working are both here to stay, and digital payments are on the rise.

“This means IT infrastructure remains outstretched, further opening loopholes for threats targeting beyond Windows and internet-facing network devices as well as multi-platform and supply chain attacks.”

Banks remain attractive targets for cyber adversaries. In fact, data from Kaspersky’s GReAT revealed that banks and financial institutions were the second and third most targeted sectors globally last year.

One of the campaigns singling out banks in SEA uses the JsOutProx malware.

Even though this malware is currently not a highly sophisticated strain, Kaspersky experts noted its continued attempts to infiltrate banks in the region.

The cybercriminals behind this modular malware use file names associated with bank-related business (for example, payment or remittance documents) as lures and deliver heavily obfuscated script files, a tactic intended to evade detection and analysis.

This social engineering technique particularly preys on bank employees to get inside the institution’s network.

Once in, Park shared that JsOutProx can load more plugins to perform malicious acts against its victims, including remote access, data exfiltration, command and control (C2) server takeover, and more.
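The two traits the article attributes to JsOutProx lures, bank-themed file names and heavily obfuscated script attachments, are exactly what a mail-gateway or SOC triage rule can key on. The following is an added example, not Kaspersky’s detection logic or any JsOutProx sample: the keyword list, the indicator thresholds, the entropy cut-off and the three sample attachments are all constructed assumptions for illustration.

```python
"""Heuristic triage of e-mail attachments for JsOutProx-style lures.

Added example; not Kaspersky's code and not derived from real samples.
Keywords, thresholds and sample inputs below are assumptions.
"""
import math
import re
from collections import Counter

# Assumed lure vocabulary: bank-related business file names (assumption).
BANK_KEYWORDS = ("swift", "remittance", "invoice", "payment", "bank",
                 "transfer", "statement", "mt103", "loan")
# Windows Script Host / HTML application extensions a bank should never
# expect as inbound attachments (assumption for this example).
SCRIPT_EXTENSIONS = (".js", ".jse", ".vbs", ".wsf", ".hta")
ENTROPY_THRESHOLD = 5.5  # bits per byte; packed/encoded text runs high (assumed cut-off)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def obfuscation_indicators(script: str) -> dict:
    """Count markers typical of obfuscated JScript/VBScript droppers."""
    return {
        "eval_like": len(re.findall(r"\b(?:eval|Function|unescape|execScript)\s*\(", script)),
        "hex_escapes": len(re.findall(r"\\x[0-9a-fA-F]{2}", script)),
        "long_blobs": len(re.findall(r"[A-Za-z0-9+/=]{60,}", script)),
    }


def triage_attachment(filename: str, content: bytes) -> dict:
    """Score one attachment; three or more independent reasons -> suspicious."""
    name = filename.lower()
    reasons = []
    if name.endswith(SCRIPT_EXTENSIONS):
        reasons.append("script extension")
        # "Advice.pdf.js" style double extension hides the real type in mail clients
        if name.count(".") > 1:
            reasons.append("double extension")
    if any(k in name for k in BANK_KEYWORDS):
        reasons.append("bank-themed name")
    entropy = shannon_entropy(content)
    if entropy > ENTROPY_THRESHOLD:
        reasons.append("high entropy")
    ind = obfuscation_indicators(content.decode("latin-1"))
    if ind["eval_like"] >= 1 or ind["hex_escapes"] >= 10 or ind["long_blobs"] >= 1:
        reasons.append("obfuscation markers")
    return {"filename": filename, "entropy": round(entropy, 2),
            "reasons": reasons, "score": len(reasons),
            "suspicious": len(reasons) >= 3}


# Constructed sample attachments (not real captures).
CONSTRUCTED_MALICIOUS_JS = (
    b'var _0xa1=["\\x57\\x53\\x63\\x72\\x69\\x70\\x74\\x2e\\x53\\x68\\x65\\x6c\\x6c"];'
    b'var p="' + b"Zm9v" * 20 + b'";'
    b'eval(unescape(p));'
)
SAMPLE_ATTACHMENTS = [
    ("Q1_Board_Report.pdf", b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"),
    ("bank_statement.js", b"var total = 0;\nfor (var i = 0; i < 10; i++) { total += i; }\n"),
    ("SWIFT_Payment_Advice.pdf.js", CONSTRUCTED_MALICIOUS_JS),
]


def triage_all(items=SAMPLE_ATTACHMENTS) -> dict:
    """Run triage over a batch; returns {filename: result}."""
    return {fn: triage_attachment(fn, body) for fn, body in items}


if __name__ == "__main__":
    for fn, result in triage_all().items():
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{flag:10} {fn}: {', '.join(result['reasons']) or '-'}")
```

The scoring deliberately requires several independent signals: a clean `.js` file with a bank-themed name scores two and is only worth a look, while a double-extension lure that also carries `eval`/`unescape` calls and hex-escaped strings crosses the threshold even when its entropy stays low. Entropy alone is a weak signal for short scripts, which is why it is one vote rather than a decision.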

The other lucrative target for cybercriminals is the emerging cryptocurrency business in SEA. As the value of cryptocurrencies surges, many cyber threat groups are now waging online attacks against this sector.

A Kaspersky researcher recently identified that one of the cryptocurrency exchanges in the region was compromised.

As a result of thorough forensic investigation, it was confirmed that the Lazarus group was behind this attack detected in Singapore.

Another cryptocurrency-related threat is the SnatchCrypto campaign, conducted by the BlueNoroff APT.

This gang is a subgroup of Lazarus which particularly attacks banks. It was also allegedly associated with the US$81 million Bangladesh Bank Heist.

Kaspersky has been tracking SnatchCrypto since the end of 2019 and found that the actor behind the campaign has resumed operations with a similar strategy.

On the factors behind the increased threats against the sector, Kaspersky’s SEA general manager Yeo Siang Tiong commented that cryptocurrency is steadily being embraced in SEA, so it is a natural progression for cybercriminals to set their sights on the region.

“Its growth is part and parcel of the region’s digital transformation, and is parallel to the increased adoption of e-commerce and digital payments,” Yeo said.

“As we continue to move our money to the online world, we have also witnessed massive data breaches and ransomware attacks last year which should serve as a warning for financial institutions and payment service providers.

“It is crucial for banking and financial services providers to realise, as early as now, the value of intelligence-based, proactive defense to fend off these costly cyberattacks.”

The last cybercrime group discussed by Park is the Kimsuky APT. Kaspersky first reported about Kimsuky in 2013 and it has since evolved in terms of tactics, techniques, and victimology.

It initially targeted think-tanks in South Korea, particularly for cyberespionage.

However, recent telemetry showed that the versatile and agile group now has strong financial motivation.

“We have been monitoring Kimsuky’s strong presence in South Korea,” Park explained.

“Our research showed they are using two infiltration techniques – attacks via spearphishing and attacks against supply chain. Either way, they target cryptocurrency investors to exfiltrate data and for remote access.

“With the group showing strong financial motivation, it is highly possible that their attacks can go beyond South Korea, particularly towards its neighbouring regions like Southeast Asia.”