Following the cybersecurity alerts issued earlier this week by Kaspersky Lab, US software company Arbor Networks has released has released two new threat intelligence reports detailing a trojan being used to target South Korean banks and a separate banking Trojan believed to be similar to Zeus, Neverquest and Dyreza.
“With financial institutions underpinning whole economies, they’re a particularly choice target vertical for impactful attack,” the company notes.
“Just recently we have seen an attacks on HSBC, Invest Bank and of course, JP Morgan. This has prompted the UK and US governments to carry out “war games” to test the financial services sector’s resistance to a cyberattack.”
Arbor’s security engineering and response team, aka ASERT, reports that South Korean banking websites require the use of a Novell Public Key Infrastructure (NPKI) authentication certificate, and it is this that the Trojan targets. Using this encrypted data the threat actor uses a fake banking site to secure further details, which can then be used to transfer money.
The team has dubbed the banker ‘Big Bong’ and its threat intelligence report, entitled ‘The Big Bong Theory: Conjectures on a Korean Banking Trojan’ offers an in-depth behavioural analysis of the malware from builder to bot and from installation to exfiltration including obfuscation techniques, certificate use, and virtual private network (VPN)-based communications.
South Korea is not the only country being targeted. The ASERT team has also studied the Corebot banking Trojan. Initially discovered and documented last year by researchers at Security Intelligence, it has since evolved rapidly and, in terms of capabilities such as browser-based web injections, become similar to dominant banking malware such as Zeus, Neverquest and Dyreza – although its impact has so far been much more limited.
However, despite its relative newness, Arbor’s ASERT team predicts “the threat posed by Corebot will increase over the next year or so, perhaps following the same track as those malware families that have gone before it” because it is of such a high calibre. You can find further details here:
ASERT began studying and monitoring Corebot shortly after it was initially documented. An in-depth analysis of Corebot’s inner workings are provided in a threat intelligence report entitled ‘Dumping Core: Analytical Findings on Trojan Corebot’ including coverage of its cryptography, network behaviour and banking targets.
The top five sectors Asian fintech investors are interested in are data analytics, blockchain, lending, payments and regtech, according to Gary Hwa, EY regional managing partner.
On the third day of the Singapore Fintech Festival conference, there was a focus on specific applications of fintech innovation. One was trade finance, which is clearly is ripe for a revolution.
Kicking off day two of the Singapore Fintech Festival, Deloitte Chairman David Cruikshank said that fintech is significant for three reasons. First, customer expectations of services are higher than ever. Second, barriers to entry are lower than before. And finally, financial institutions (FIs) face a threat of what a competitor might do.
The EU and US’ shift in accounting standards may bring balance sheet losses and increase credit risk, according to James Elder, director of risk services at Standard & Poor’s (S&P) Global.