Security Issues in Korean & Global Financial Sector – Malware, Phishing, Deep Web & Dark Web Cases in July 2024
This report comprehensively covers actual cyber threats and related security issues that targeted domestic and foreign financial companies.
It analyzes malware and phishing cases aimed at the financial sector, presents the top 10 major malware targeting the financial sector, and provides statistics, by industry, on domestic accounts leaked through Telegram. Phishing email distribution cases targeting the financial sector are also covered in detail.
We also analyzed major financial threats and cases that occurred on the dark web. We investigated threats and actual cases of credit card data leaks, and threats and cases of database leaks from financial institutions. We also analyzed ransomware breach threats and the damage caused by ransomware infections in the financial sector, as well as various cyberattack threats and actual damage cases targeting financial institutions.
[Table of Contents]
- Statistics on Malware Distributed to Financial Sectors
- Top 10 Major Malware Targeting Financial Sector
- Statistics on Korean Accounts Exfiltrated Via Telegram by Industry
- Phishing Email Distribution Cases Targeting the Financial Sector
  - Case 1. Phishing Disguised as Delivery Note, Targeting Staff Members of the National Credit Union Federation of Korea
  - Case 2. Phishing Disguised as Statement From Hyundai Capital, Targeting the Korean Standards Association
- Major Deep Web & Dark Web Issues Related to the Financial Sector
  - Threat of Credit Card Data Breach
  - Cases of Credit Card Breach
  - Threat of Database Breach
  - Cases of Database Breach
  - Threat of Ransomware Breach
  - Cases of Ransomware Infection
  - Cyberattack Damage
  - Cases of Cyberattack Damage
[Statistical Summary]
– Statistics on Malware Distributed to Financial Sectors

– Statistics on Korean Accounts Exfiltrated Via Telegram by Industry

[Major Deep Web & Dark Web Issues Related to the Financial Sector]
Database leak case
– Leaked company : Bank ******
A threat actor on the cybercrime forum BreachForums claimed that they exfiltrated the email addresses of Jawa ****** bank’s employees. Jawa ****** bank is located in Central Java (Jawa Tengah) in Indonesia.
The threat actor claimed that they had the email addresses of the employees at this bank and implied that additional cyberattacks would be possible with this data. In this incident, the personal information of bank employees was leaked to the outside. In response, Jawa ****** bank must warn and educate its employees about phishing attacks and strengthen its email security protocols. To prevent additional breaches, a security inspection of the email system and implementation of multi-factor authentication (MFA) are necessary.

Cases of companies affected by ransomware infection
Akira, BianLian, BlackSuit, Brain Cipher, Medusa, Ra World, and RansomHub ransomware gangs compromised numerous financial companies and posted them as victims on the Dedicated Leak Sites (DLS) they operate. Damage cases are summarized as follows.
– Ransomware : Akira
The following financial companies were listed as victims.
- Affected Company : *****coop.net
The Akira ransomware gang claimed that they stole data from *****coop. *****coop is a fintech firm headquartered in Chile that provides personalized financial consultations utilizing AI and ML, automated investment management, and budget management.
The gang stated that they stole over 20 GB of the firm’s data, which included accounting data and other internal business files. The gang employs a double extortion tactic by stealing data and then publicly releasing some of it. They threaten to disclose the victim’s name and data on their DLS if the ransom is not paid.
This situation requires *****coop to take immediate and systematic action. They must first check if the data exfiltration claim is true through the published sample data. Then, the exact scope of damage must be assessed by cooperating with a security specialist, and a thorough inspection of networks and systems will be necessary to prevent additional data breaches.
It is also important that *****coop establish recovery measures for the leaked data and strengthen the backup system to prevent future ransomware attacks. As it is likely that the exfiltrated data includes customers’ personal information and financial data, customers must be swiftly informed of the situation and any protection measures they must take.
This incident serves as a reminder for fintech firms to establish stronger cybersecurity systems, as they deal with customers’ sensitive information. In particular, companies that use AI and ML must be more cautious so that the cutting-edge technology does not become a security vulnerability.
