In a recent virtual media conference, global cybersecurity company Kaspersky discussed the rising instances of cyber threats that revolve around the COVID-19 theme – from false information related to the pandemic to scams themed around the virus and its vaccines. This undoubtedly shows how cybercriminals never miss the opportunity to take advantage of any crisis to cause havoc and make a quick profit.
“It is becoming clear that these threat actors will keep on using topics related to the pandemic to trick the human mind. While vaccines are here, the situation continues to be uncertain. Countries are still implementing lockdowns, virtual learning and working are both here to stay and digital payments are on the rise. This means IT infrastructure remains outstretched, further opening loopholes for threats targeting beyond Windows and internet-facing network devices as well as multi-platform and supply chain attacks”, said Seongsu Park, Senior Security Researcher, Global Research and Analysis Team (GReAT) at Kaspersky.
During the conference, Kaspersky’s cybersecurity expert also presented the main trends that occurred in 2020, which would likely continue in 2021. Park shared that Kaspersky detected more than 80,000 COVID-19-related domain connections and malicious websites in SEA alone last year. Malaysia recorded the highest number among other SEA regions like Vietnam, the Philippines and Indonesia.
Cybercrime Groups Turn to Banks and Cryptocurrency
While most industries worldwide face the risk of cyber threats, the banking industry remains the prime target for cyber adversaries, since banks have what attackers want most: ‘money and personal information’. In fact, banks and financial institutions were the second and third most targeted sectors worldwide last year, according to data from Kaspersky’s GReAT.
Banks are not the only sector on the radar of cybercriminal groups. According to Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky, cryptocurrency is increasingly being embraced in Southeast Asia, and as the sector shows its worth, many cybercriminal groups are now taking advantage of this to attack it.
Of note, two major cryptocurrency-related campaigns were reported last year: one conducted by the infamous Lazarus group, and another by BlueNoroff APT, a subgroup of Lazarus that mainly targets banks. This was the same group that was rumoured to have led the $81M Bangladesh Bank Heist.
As the conference went on, Park continued the discussion on cybercriminal groups by focusing on Kimsuky APT, a cyber-espionage campaign targeting South Korea’s think-tanks. This group was first reported by Kaspersky back in 2013 and it has evolved ever since.
Park explained further. “We have been monitoring Kimsuky’s strong presence in South Korea. Our research showed they are using two infiltration techniques – attacks via spearphishing and attacks against the supply chain. Either way, they target cryptocurrency investors to exfiltrate data and for remote access. With the group showing strong financial motivation, it is highly possible that their attacks can go beyond South Korea, particularly towards its neighbouring regions like Southeast Asia”.
“As we continue to move our money to the online world, we have also witnessed massive data breaches and ransomware attacks last year, which should serve as a warning for financial institutions and payment service providers. It is crucial for banking and financial services providers to realise, as early as now, the value of intelligence-based, proactive defence to fend off these costly cyber attacks”, concluded Yeo.