HomeCII/OTNorth Korea Hackers Cash In Quickly with Linux Cyber Heists

North Korea Hackers Cash In Quickly with Linux Cyber Heists

Published on

spot_img

North Korean threat actors have been identified as utilizing a Linux variant of the FASTCash malware family in a financially motivated cyber campaign, according to recent reports. The FASTCash malware, initially brought to light by the US government in October 2018, was first observed in an ATM scheme orchestrated by North Korean adversaries to target banks in Africa and Asia.

Since its initial discovery, the campaign has evolved in significant ways. One notable development is its newfound ability to target banks with switch applications hosted on Windows Server, expanding its reach to interbank payment processors. While previous iterations of the malware primarily targeted systems operating on Microsoft Windows and IBM AIX, recent findings indicate a shift towards infiltrating Linux systems.

The operation of the FASTCash malware involves the modification of ISO 8583 transaction messages involved in debit and credit card transactions. By tampering with these messages, unauthorized withdrawals can be initiated, including the manipulation of declined transactions due to insufficient funds to approve and withdraw money in Turkish currency ranging from 12,000 to 30,000 lira ($350 to $875).

Researchers investigating the malware emphasize the importance of detection strategies to identify the use of specific techniques, such as process injection, which is employed to intercept transaction messages. Commercial endpoint detection and response systems, as well as open-source Linux agents, can be configured to detect the utilization of the ptrace system call associated with these activities.

In response to the growing threat posed by FASTCash and similar attacks, the Cybersecurity and Infrastructure Security Agency (CISA) has issued recommendations to enhance security measures. These recommendations include implementing chip and PIN requirements for debit cards, mandating and verifying message authentication codes for financial request response messages, and conducting authorization response cryptogram validation for chip and PIN transactions to mitigate exploitation attempts.

As cyber threats continue to evolve and become more sophisticated, organizations and financial institutions must remain vigilant in implementing robust security measures to protect against malicious actors. The utilization of advanced malware like FASTCash underscores the importance of proactive cybersecurity measures and ongoing vigilance in safeguarding sensitive financial information and transactions.

Source link

Latest articles

Iran-Linked MuddyWater Espionage Campaign Targets Organizations Worldwide

A recent threat intelligence report released by WatchGuard has raised alarms about an espionage...

New AI Security Charter Supported by More Than 70 Cyber Firms

Over 70 Cybersecurity Organizations Commit to Responsible AI Use Through New Charter In a significant...

Organisations Identify Threats but Struggle to Act Quickly

Fragmented tools and manual processes are contributing to an alarming gap between threat awareness...

20 Open-Source Cybersecurity Tools to Explore

Help Net Security Unveils Compilation of 20 Open-Source Cybersecurity Tools Help Net Security has introduced...

More like this

Iran-Linked MuddyWater Espionage Campaign Targets Organizations Worldwide

A recent threat intelligence report released by WatchGuard has raised alarms about an espionage...

New AI Security Charter Supported by More Than 70 Cyber Firms

Over 70 Cybersecurity Organizations Commit to Responsible AI Use Through New Charter In a significant...

Organisations Identify Threats but Struggle to Act Quickly

Fragmented tools and manual processes are contributing to an alarming gap between threat awareness...