US$81 M Cyberheist: Threat data is key to fend off future cyberattacks against banks in SEA

Amidst the increased use of online banking and e-wallet in the region fuelled by the pandemic, Kaspersky reminds banks and financial services in Southeast Asia (SEA) to learn from the lessons of previous cyberattacks like the costly $81M cyberheist incident in 2016.

The global cybersecurity company, in an online conference with select media from the region, highlighted how the financial sector can utilize comprehensive threat data to beef up their defenses against sophisticated cybercrime groups such as Lazarus – the infamous cybergang allegedly behind the multi-million Bangladesh Bank Heist.

Phishing remains the ultimate entry used by sophisticated cybercriminals, says Kaspersky

In a previous report, Kaspersky has since revealed that malware samples relating to Lazarus group activity appeared in financial institutions, casinos software developers for investment companies, and crypto-currency businesses in several countries globally, including Indonesia, Malaysia, Thailand, and Vietnam, among others.

“The past offers us warnings which we must heed to be able to build a safer today. This applies to the financial sector and all other organizations especially when it comes to cybersecurity. More than four years after the world has witnessed one of the most successful cyber heist to date, it is essential for banks and related institutions in Southeast Asia to understand how they can leverage on threat intelligence to foil any sophisticated attempts against their systems,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

“For instance, our cybersecurity researchers have been monitoring the Lazarus group closely for years. Through this intelligence, our solutions can detect the possible malware they may use suppose they try to get into a banking system. We can block them, analyze the malicious file, and alert the organisation’s IT team on which tactics and techniques to look out for based on the group’s previous attack behaviour, saving possible multi-million losses financially and professionally,” he adds.

The $81 million cyber heist also resulted to multiple lawsuits, reputation losses, billions of fine, one indictment and arrest, and several top bank officials’ resignations and even terminations.

Aside from threat intelligence, Kaspersky also noted the importance of human-factor when it comes to securing financial systems. The global cybersecurity cited a report which proved that the cyberheist started with a series of spear phishing emails, one was unfortunately clicked by an unsuspecting bank employee.

Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.

The threat of phishing and spear-phishing remains present as Kaspersky’s network has detected 40,511,257 during the first five months of 2020, globally.

To improve banks’ and financial organizations’ cyber defenses, experts in Kaspersky suggest the following:

  • Integrate Threat Intelligence into your SIEM and security controls in order to access the most relevant and up-to-date threat data

  • Conduct regular security training sessions for staff, ideally a personalized one like Kaspersky Adaptive Online Training (KAOT) which uses a cognitive-driven approach, taking into account the abilities and needs of each and every learner

  • Use traffic monitoring software – like Kaspersky Anti Targeted Attack Platform (KATA)

  • Install the latest updates and patches for all of the software you use

  • Forbid the installation of programs from unknown sources

  • Perform regular security audit of an organization’s IT infrastructure

  • For endpoint level detection, investigation and timely remediation of incidents, implement EDR solutions such as Kaspersky Endpoint Detection and Response which can catch even unknown banking malware