Lazarus, Cobalt, and FIN7 have all been identified as major hacker organisations targeting the financial sector

The hacker groups Lazarus, Cobalt, and FIN7 have been identified as the most common threat actors affecting financial institutions today.

Members of these organizations, according to “Follow the Money,” a new analysis (.PDF) issued on Thursday by Outpost24’s Blueliv on the financial sector, are the primary perpetrators of theft and fraud in the business today.

Cybercriminal gangs have traditionally targeted the financial industry, and they may continue to do so in the future. Customers’ and clients’ sensitive personally identifiable information (PII), bank accounts, and cash are routinely held by organizations in this field.

These also frequently support the economy: if a payment processor or bank’s systems fall down as a result of malware, it may inflict irreparable damage not just to the affected organization, but also to consumers’ financial and operational interests.

PII for identity fraud, bank accounts for fraudulent transactions, and a high likelihood that a financial firm would rather submit to a ransomware blackmail demand than disrupt operations: these potential attack vectors explain why cyber attackers are relentless in their pursuit of financial sector players.

The COVID-19 outbreak, as well as the resulting interruption in operations and training, has further exacerbated the problem.

The major methods in which financial companies are attacked are outlined in Blueliv’s whitepaper, which is based on threat information gathered by the unit. Phishing, BEC schemes, malware, and credential theft all make an appearance, with Azorult, Arkei, Redline, Raccoonstealer, and Collector being the top five credential thieves as of October 2021.

The Trojans TinyBanker/Tinba, Dridex, Anubis, Trickbot, and Kronos are often involved with financial services assaults, and some of these malware families may also be used to retrieve and execute second-stage ransomware strains like BitPaymer.

Point-of-sale (PoS) malware, ATM compromise, digital card skimmers physically placed at outlets that are used to clone consumer cards, and distributed denial-of-service (DoS) attacks designed to disrupt a business by flooding their online platforms with illegitimate traffic are all threats that banks and payment processors face.

Lazarus, Cobalt, and FIN7 have taken the top ranks among the most hazardous threat actors targeting the financial industry.

Lazarus is a North Korean state-sponsored advanced persistent threat (APT) organization connected to high-profile assaults against Sony Pictures Entertainment, the Bangladesh Bank through SWIFT, and the WannaCry ransomware epidemic in 2017.

In a series of hacks, the organization has attacked the SWIFT transaction system. The US Department of Justice (DoJ) indicted two members of Lazarus in February of last year for their participation in attacks against banks in Vietnam, Bangladesh, Taiwan, Mexico, and other nations.

Also titled is Cobalt/Gold Kingswood. Cobalt has been connected to attacks against financial institutions throughout the globe, resulting in the loss of millions of dollars. It is thought to have been active since at least 2016 and first appeared on the scene with an ATM jackpotting assault against a Taiwanese bank. Despite the arrests, the gang is believed to be still functioning.

Another important, profit-driven threat organization is FIN7. FIN7/Carbanak specializes in Business Email Compromise (BEC) and the deployment of Point-of-Sale (PoS) malware intended to steal large amounts of customer credit card information from businesses.

Dridex and TA505 are two more cybercriminal outfits worth noting, according to the experts.

“In order to maintain a higher degree of protection, financial institutions must assess their present cybersecurity posture and prepare their companies to adapt,” Blueliv advises. “While banking and finance cybersecurity measures are developing, there are still numerous improvements that may be implemented.”

In related news, Which? published a report this week on the security posture of the top 15 UK banks. Overall, HSBC, NatWest, and Barclays came out on top, although few came close to matching them in terms of online banking services, such as encryption, account management, and secure login systems.