HomeCII/OTNorth Korea Hackers Cash In Quickly with Linux Cyber Heists

North Korea Hackers Cash In Quickly with Linux Cyber Heists

Published on

spot_img

North Korean threat actors have been identified as utilizing a Linux variant of the FASTCash malware family in a financially motivated cyber campaign, according to recent reports. The FASTCash malware, initially brought to light by the US government in October 2018, was first observed in an ATM scheme orchestrated by North Korean adversaries to target banks in Africa and Asia.

Since its initial discovery, the campaign has evolved in significant ways. One notable development is its newfound ability to target banks with switch applications hosted on Windows Server, expanding its reach to interbank payment processors. While previous iterations of the malware primarily targeted systems operating on Microsoft Windows and IBM AIX, recent findings indicate a shift towards infiltrating Linux systems.

The operation of the FASTCash malware involves the modification of ISO 8583 transaction messages involved in debit and credit card transactions. By tampering with these messages, unauthorized withdrawals can be initiated, including the manipulation of declined transactions due to insufficient funds to approve and withdraw money in Turkish currency ranging from 12,000 to 30,000 lira ($350 to $875).

Researchers investigating the malware emphasize the importance of detection strategies to identify the use of specific techniques, such as process injection, which is employed to intercept transaction messages. Commercial endpoint detection and response systems, as well as open-source Linux agents, can be configured to detect the utilization of the ptrace system call associated with these activities.

In response to the growing threat posed by FASTCash and similar attacks, the Cybersecurity and Infrastructure Security Agency (CISA) has issued recommendations to enhance security measures. These recommendations include implementing chip and PIN requirements for debit cards, mandating and verifying message authentication codes for financial request response messages, and conducting authorization response cryptogram validation for chip and PIN transactions to mitigate exploitation attempts.

As cyber threats continue to evolve and become more sophisticated, organizations and financial institutions must remain vigilant in implementing robust security measures to protect against malicious actors. The utilization of advanced malware like FASTCash underscores the importance of proactive cybersecurity measures and ongoing vigilance in safeguarding sensitive financial information and transactions.

Source link

Latest articles

Miasma Worm Resurfaces as RAT-First npm Attack with Automatic Propagation Disabled

Malicious Re-Entry of the Miasma Worm: A New Threat to AsyncAPI Packages In a troubling...

Pentagon Suspends CMMC Phase II Requirements for Defense Contractors

Suspension of CMMC Phase II: A New Direction for Cybersecurity in the Defense Industrial...

Enhancing Cyber-Resilience of AI in the Enterprise

Rapid Growth of Enterprise AI and Security Oversights Enterprise Artificial Intelligence (AI) is experiencing unprecedented...

Phishing for Beginners: Forg365 Reduces Barriers to M365 Account Takeovers

Recent developments in cybercrime have given rise to a new service that is raising...

More like this

Miasma Worm Resurfaces as RAT-First npm Attack with Automatic Propagation Disabled

Malicious Re-Entry of the Miasma Worm: A New Threat to AsyncAPI Packages In a troubling...

Pentagon Suspends CMMC Phase II Requirements for Defense Contractors

Suspension of CMMC Phase II: A New Direction for Cybersecurity in the Defense Industrial...

Enhancing Cyber-Resilience of AI in the Enterprise

Rapid Growth of Enterprise AI and Security Oversights Enterprise Artificial Intelligence (AI) is experiencing unprecedented...