November 2024: Security Issues in the Financial Industry

This report comprehensively covers actual cyber threats and security issues that have occurred in the financial industry in South Korea and abroad.

The article includes an analysis of malware and phishing cases distributed to the financial sector, the Top 10 malware targeting the financial sector, and statistics on the industries of leaked South Korean accounts. A case of phishing emails distributed to the financial sector is also covered in detail.

The analysis also covers major financial threats and cases observed on the dark web, including credit card data breaches and database breaches at financial institutions. It also covers ransomware attacks targeting the financial sector, as well as various other cyber threats and actual attack cases targeting financial institutions.

 

Key Issues in the Deep and Dark Web Concerning the Financial Sector

Case of Database Leak

Victim: https://www.ot***.hu/

Data of the Hungarian bank OT*** has been leaked on the cybercrime forum BreachForums.

OT*** is the largest commercial bank in Hungary and one of the largest independent financial service providers in Central and Eastern Europe, offering banking services for individual and corporate clients. The *** Group includes subsidiaries in the fields of insurance, real estate, factoring, leasing, asset management, investment, and pension funds. In addition to Hungary, the *** Group operates through subsidiaries in 11 countries in the region.

The threat actor (gettexik) claimed to have leaked about 13,952 OTP bank accounts. The post included access credentials and a sample for these accounts. The leaked account information includes email addresses, user IDs, and passwords.

The post mentions the threat group IndoHaxSec, which is known to have collaborated with the Chechen hacktivist NoName057(16) to launch attacks against NATO member countries that supported Israel. This indicates that although the post was written by gettexik, the threat group that actually carried out the attack is IndoHaxSec.

Ransomware Breach Cases

The Akira, Bashe, Hunters International, Lynx, RansomHub, and Sarcoma ransomware gangs have breached multiple financial companies and posted information about their victims on the dedicated leak sites (DLS) they operate. Below is a summary of the breach cases.

Ransomware: Akira

Affected Company: https://www.t***bank.com/

The Akira ransomware gang claimed to have attacked the U.S. commercial bank T*** Bank.

T*** Bank is a commercial bank established in 1901 and is supervised by the Federal Deposit Insurance Corporation (FDIC). It mainly offers various financial services including deposits, loans, and online banking. T*** Bank focuses on providing reliable financial services by prioritizing the protection and security of customer information.

The ransomware gang claimed to have stolen 13 GB of organizational data from T*** Bank. They also stated that the stolen data includes financial information, driver’s licenses, Social Security numbers, and employee contacts.

Access Privileges Being Sold

Affected Company: https://www.b***.es/

A threat actor on the cybercrime forum BreachForums is selling access privileges and data of Banco *** Bolivia, B***.

Banco *** Bolivia, B*** is the national bank of Bolivia, established in accordance with the law of 1911. It was founded on July 20, 1928, by Law No. 632 and officially began its operations on July 1, 1929. The bank is mainly responsible for formulating currency policy, maintaining financial system stability, managing foreign exchange, and managing the national foreign exchange reserves. B*** is a key institution for the economic stability and development of Bolivia, playing a central role in the national economy.

The threat actor (AKA_Astaroth) claimed to have stolen 21,000 pieces of sensitive data from B***, including the administrator’s IP and device information. They also stated that the 56 cloud files contain sub-information and background information on various areas, and added that sample data would be provided later.

 


 

 
