BusinessMirror

‘SINCE $81-M BANK HEIST, LAZARUS BUSY WITH OTHER ATTACKS’

- By Tyrone Jasper C. Piad

THE infamous cybercrime group believed to be behind one of the world’s biggest cyber-heists back in 2016 has been on the prowl since. Kaspersky Security Researcher Seongsu Park, in a webinar on Wednesday, revealed that the Bluenoroff—a unit of Lazarus Group—has been launching cyberattacks in the past few years, noting that it has reached more targets besides banks, and its schemes have evolved as well.

After the news on the $81-million Bangladesh Bank Heist erupted a few years ago, Park said that cyberhacking groups responded differently. Some vanished while others just changed their tactics to avoid detection.

There are also groups which continued with what they were doing. “They just keep doing what they want to do,” he said.

The Bluenoroff was one of those groups that did not stop.

Park said the Lazarus subgroup has its own malware and a “strong capability to manipulate the system” of banks, financial technology firms and cryptocurrency businesses. It can even tamper with legitimate transactions, he added.

In the past year, Kaspersky noted that the group was able to cyber-attack several banks in Taiwan, Mexico, Chile, Myanmar, Italy, China and Japan, among others.

Park said the Lazarus unit used ransomware in the Taiwan bank case. “Ransomware is malicious software that infects your computer and displays messages demanding a fee to be paid in order for your system to work again,” Kaspersky defines.

He added that the study by the Russian cybersecurity firm revealed that the same codes were used in the cyberattacks.

Bluenoroff also launched a cyberattack on the automated teller machine of a bank in Chile last year.

According to him, the cyberhacking group was also using sophisticated social engineering. For example, it creates fake websites mimicking a cryptocurrency trading application.

After conducting reverse engineering, Park said that the Bluenoroff has the capability to erase its digital footprints after launching a cyberattack.

Beyond monetary loss

YEO SIANG TIONG, Kaspersky’s general manager in Southeast Asia, said that the cost of the cyberheist has gone beyond monetary loss.

“The $81-million cyber heist also resulted [in] multiple lawsuits, reputation losses, billions of fine, one indictment and arrest, and several top bank officials’ resignations and even terminations,” the cybersecurity firm said in a separate statement.

With this, Tiong advised the banks to always make sure they have a robust security system in place.

He said the banks should be able to protect backup servers because they contain information—such as passwords, logins and authentication tokens—that can be hacked.

“When deploying specialized software for money processing, follow recommendations and best security practices from your software vendor and security professionals,” Tiong added.

He said that employees should also be well-equipped with knowledge of cyber threats so as to avoid becoming victims of phishing activities.

According to Kaspersky, there were 40.51 million financial phishing e-mails detected in the first five months across the world.

A majority, or nearly 80 percent, of consumers in the Southeast Asian region almost got infected with banking malware on their personal computers in the same period.

In the Philippines, 0.02 percent of the population were almost infected with Android banking malware in the January-to-May period.

To recall, Philippine companies including Rizal Commercial Banking Corp. and Bloomberry Resorts Corp. were dragged into the bank heist in 2016, because the money taken by hackers from the Bangladesh Bank’s account in the Federal Reserve Bank of New York was funneled through bogus accounts in RCBC, and then allegedly laundered in Philippine casinos. A US court in New York dismissed the case earlier this year, but the Bangladesh Bank contested the decision.

The Bangladesh Bank then filed a new civil suit against the said firms last month for “conversion/ theft/ misappropriation; aiding and abetting the same; conspiracy to commit the same” and fraud, among others.

As of press time, there are no updates yet on the case.
