A study titled "Follow the Money" by Outpost24's Blueliv that addressed the financial sector, aims to identify and follow groups that are big perpetrators of financial theft and fraud. The Lazarus, Cobalt, and FIN7 threat groups were determined to be the most common threat actors targeting financial institutions. As the Covid-19 pandemic has further aggravated the situation by disrupting training and operations, it's no surprise that cyber attacks on financial institutions are on the rise.
Attacking banks provide various possibilities for profit for cybercriminals through extortion, theft, and fraud, while nation-states and hacktivists also target the financial industry for political and ideological leverage. The Strategic Technologies Program investigates the evolution of cyber risks to the financial system, as well as legal and regulatory attempts to improve its defenses.
Lazarus is a North Korean state-sponsored advanced persistent threat (APT) group that has been linked to high-profile assaults on Sony Pictures Entertainment, the Bangladesh Bank via SWIFT, and the WannaCry ransomware epidemic in 2017. Banks, casinos, financial investing software producers, and crypto-currency enterprises are among the companies involved.
The group's virus has lately been discovered in 18 nations around the world. A vulnerability in one of the targeted organization's servers is discovered by the Lazarus team. It infects a website that was accessed by employees of a particular organization, uses malware to access the target's IT infrastructure, and finds a server running SWIFT software. This group tries to drain the company's accounts by downloading new malware that could communicate with SWIFT software.
Cobalt has been linked to attacks against financial institutions around the world, resulting in the theft of millions of dollars, since at least 2016. It first appeared on the scene with an ATM jackpotting attack on a Taiwanese bank. Despite the arrests, the gang is believed to be still functioning. To break into networks, the Cobalt group uses social engineering—users open infected attachments from phishing emails that are disguised to look like messages from reputable corporations and regulatory agencies. These attachments contain a document file that either downloads or contains a dropper in a password-protected archive from a remote server.
Another important, profit-driven threat group is FIN7, which specializes in Business Email Compromise (BEC) and the deployment of Point-of-Sale (PoS) malware designed to steal large amounts of customer credit card information from businesses.
While banking and finance cybersecurity tactics are evolving, there are still numerous improvements that can be addressed, according to Blueliv.