This report analyzes recent cyber threats impacting the financial sector in South Korea and beyond, highlighting malware, phishing cases, and ransomware attacks. It details incidents such as database leaks, ransomware breaches, and unauthorized access sales. The report emphasizes the urgency for financial institutions to enhance their security measures. Affected: BreachForums, RansomHub, ****Life, unnamed U.S. Mega Bank
Keypoints :
- Comprehensive analysis of cyber threats in the financial industry.
- Top 10 malware targeting the financial sector discussed.
- Statistics on leaked South Korean accounts provided.
- Detailed examination of phishing emails aimed at financial institutions.
- Overview of major threats and cases from the dark web.
- Specific cases of credit card data breaches and ransomware attacks highlighted.
- Urgent need for financial institutions to monitor and protect their data.
MITRE Techniques :
- Initial Access (TA0001) – Access to firewall and VPN hosting servers sold on BreachForums.
- Data Encrypted for Impact (TA0040) – RansomHub claimed responsibility for encrypting data from ****Life.
- Data Exfiltration (TA0010) – RansomHub claims to have stolen 1 TB of data from ****Life.
- Credential Dumping (TA0006) – Root-level access to bank servers being sold, indicating potential credential compromise.
- Phishing (TA0001) – Phishing emails targeting financial institutions detailed in the report.
Full Research: https://asec.ahnlab.com/en/85685/