Tag Archive for: financial

Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity


Mar 08, 2023 · Ravie Lakshmanan · Zero-Day / BYOVD Attack

The North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year.

While the first attack in May 2022 entailed the use of a vulnerable version of certificate software that’s widely used by public institutions and universities, the re-infiltration in October 2022 involved the exploitation of a zero-day in the same program.

Cybersecurity firm AhnLab Security Emergency Response Center (ASEC) said it’s refraining from divulging more specifics owing to the fact that “the vulnerability has not been fully verified yet and a software patch has not been released.”

The adversarial collective, after obtaining an initial foothold by an unknown method, abused the zero-day bug to perform lateral movement, shortly after which the AhnLab V3 anti-malware engine was disabled via a BYOVD attack.

It’s worth noting here that the Bring Your Own Vulnerable Driver, aka BYOVD, technique has been repeatedly employed by the Lazarus Group in recent months, as documented by both ESET and AhnLab in a series of reports late last year.

Other steps taken to conceal its malicious behavior include changing file names before deleting them and modifying timestamps using an anti-forensic technique referred to as timestomping.

The attack ultimately paved the way for multiple backdoor payloads (Keys.dat and Settings.vwx) that are designed to connect to a remote command-and-control (C2) server, retrieve additional binaries, and execute them in a fileless manner.


The development comes a week after ESET shed light on a new implant called WinorDLL64 that’s deployed by the notorious threat actor by means of a malware loader named Wslink.

“The Lazarus group is researching the vulnerabilities of various other software and are constantly changing their TTPs by altering the way…

Financial Institutions Are Suffering From Increasingly Sophisticated Cyberattacks, According to Contrast Security


LOS ALTOS, Calif., Feb. 7, 2023 /PRNewswire/ — Contrast Security (Contrast), the code security platform built for developers and trusted by security, today released its Cyber Bank Heists report, an annual report that exposes the cybersecurity threats facing the financial sector.

Authored by Contrast’s Senior Vice President of Cyber Strategy Tom Kellermann, the report is a warning to global financial institutions (FIs) that security must be a top-of-mind issue amid rising geopolitical tensions, increased destructive attacks utilizing wipers and a record-breaking year of zero-day exploits. Financial sector security leaders from around the world – in a series of interviews – revealed specific trends when it comes to notable cyberattacks, e-fraud and cyber defense. Some of the most eye-opening results from the report include:

  • 60% were victimized by destructive attacks
  • 64% saw an increase in application attacks, while 50% experienced attacks against their APIs
  • 48% experienced an increase in wire transfer fraud
  • 50% have detected campaigns to steal non-public market information
  • 54% of the banks were most concerned with the cyber threat posed by Russia
  • 72% plan to invest more in application security in 2023

“The increase of online threats, phishing, ransomware attacks, account takeovers and business email compromises impacting the financial sector is growing every day and we can see in real-time the damage this is doing to the longevity of businesses and the impact it’s having on our economy,” said Derek Booth, Assistant to the Special-Agent-in-Charge, U.S. Secret Service and Head of the Mountain West Cyber Fraud Task Force. “I applaud Tom Kellermann for speaking with some of the most influential people within the sector to determine solutions that can better protect FIs against vulnerabilities in banks and methods of commerce through industry-wide transparency.”

“The complexity of securing financial digital systems and the need to develop new ways to guard against sophisticated cyberattacks has increased exponentially in the last year. In response, FIs are fighting to evolve and create more effective prevention, detection and response to these damaging attacks,” said…

10 biggest financial data breaches of 2022


Criminals have many means of stealing money and information from consumers, from scamming consumers directly to stealing their information from companies that hold it for them. For many cybercriminals, the quickest way to get a massive amount of valuable data is by targeting financial institutions.

Cybersecurity firm Flashpoint said in recently released data that the financial sector experienced the second highest number of data breaches in 2022, globally, behind government. U.S. banks were hit hardest, followed by institutions in Argentina, Brazil, and China.

This year, the number of consumer records leaked in breaches globally exceeded 254 million, according to Flashpoint. In the U.S. alone, data from the Maine attorney general indicates that around 9.4 million consumers across the country were affected by data breaches against financial companies.

At least 79 U.S. financial services companies reported data breaches affecting 1,000 or more consumers in 2022, and the largest breaches affected millions of consumers each. Here are some of the biggest data breaches affecting financial services companies this year.

Hack-for-Hire Group Targets Travel and Financial Entities with New Janicab Malware Variant


Dec 10, 2022 · Ravie Lakshmanan · Hack-for-Hire / Threat Intelligence

Travel agencies have emerged as the target of a hack-for-hire group dubbed Evilnum as part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe.

The attacks targeting law firms throughout 2020 and 2021 involved a revamped variant of a malware called Janicab that leverages a number of public services like YouTube as dead drop resolvers, Kaspersky said in a technical report published this week.

Janicab infections comprise a diverse set of victims located in Egypt, Georgia, Saudi Arabia, the UAE, and the U.K. The development marks the first time legal organizations in Saudi Arabia have been targeted by this group.

Also tracked as DeathStalker, the threat actor is known to deploy backdoors like Janicab, Evilnum, Powersing, and PowerPepper to exfiltrate confidential corporate information.

“Their interest in gathering sensitive business information leads us to believe that DeathStalker is a group of mercenaries offering hacking-for-hire services, or acting as some sort of information broker in financial circles,” the Russian cybersecurity company noted in August 2020.

According to ESET, the hacking crew has a pattern of harvesting internal company presentations, software licenses, email credentials, and documents containing customer lists, investments and trading operations.

Earlier this year, Zscaler and Proofpoint uncovered fresh attacks orchestrated by Evilnum that have been directed against companies in the crypto and fintech verticals since late 2021.

Kaspersky’s analysis of the DeathStalker intrusions has revealed the use of an LNK-based dropper embedded inside a ZIP archive for initial access by means of a spear-phishing attack.

The lure attachment purports to be a corporate profile document related to power hydraulics that, when opened, leads to the deployment of the VBScript-based Janicab implant, which is capable of command execution and deploying more tools.

Newer versions of the modular malware have simultaneously removed audio recording features and added a keylogger module that shares overlaps with prior Powersing attacks. Other functions include…
