HomeCII/OTNorth Korea Hackers Cash In Quickly with Linux Cyber Heists

North Korea Hackers Cash In Quickly with Linux Cyber Heists

Published on

spot_img

North Korean threat actors have been identified as utilizing a Linux variant of the FASTCash malware family in a financially motivated cyber campaign, according to recent reports. The FASTCash malware, initially brought to light by the US government in October 2018, was first observed in an ATM scheme orchestrated by North Korean adversaries to target banks in Africa and Asia.

Since its initial discovery, the campaign has evolved in significant ways. One notable development is its newfound ability to target banks with switch applications hosted on Windows Server, expanding its reach to interbank payment processors. While previous iterations of the malware primarily targeted systems operating on Microsoft Windows and IBM AIX, recent findings indicate a shift towards infiltrating Linux systems.

The operation of the FASTCash malware involves the modification of ISO 8583 transaction messages involved in debit and credit card transactions. By tampering with these messages, unauthorized withdrawals can be initiated, including the manipulation of declined transactions due to insufficient funds to approve and withdraw money in Turkish currency ranging from 12,000 to 30,000 lira ($350 to $875).

Researchers investigating the malware emphasize the importance of detection strategies to identify the use of specific techniques, such as process injection, which is employed to intercept transaction messages. Commercial endpoint detection and response systems, as well as open-source Linux agents, can be configured to detect the utilization of the ptrace system call associated with these activities.

In response to the growing threat posed by FASTCash and similar attacks, the Cybersecurity and Infrastructure Security Agency (CISA) has issued recommendations to enhance security measures. These recommendations include implementing chip and PIN requirements for debit cards, mandating and verifying message authentication codes for financial request response messages, and conducting authorization response cryptogram validation for chip and PIN transactions to mitigate exploitation attempts.

As cyber threats continue to evolve and become more sophisticated, organizations and financial institutions must remain vigilant in implementing robust security measures to protect against malicious actors. The utilization of advanced malware like FASTCash underscores the importance of proactive cybersecurity measures and ongoing vigilance in safeguarding sensitive financial information and transactions.

Source link

Latest articles

Progress Software Issues Warning About External Security Threat to ShareFile

Data Security Threat at Progress Software Underscores Vulnerabilities in File Storage Solutions The recent alarm...

Governments to Enterprises: Enhance Your Router Security Practices

Cybersecurity Vulnerabilities Rise as Actors Exploit Cisco Flaws Recent reports have highlighted a concerning trend...

Small AI Models Reduce Data Classification Costs

Advances in Small Language Models: Sentra CEO Yoav Regev Highlights New Possibilities In a recent...

US Authorities Alert to Russian Threats Against Critical Infrastructure

In a recent advisory, authorities from the United States—specifically, the National Security Agency (NSA),...

More like this

Progress Software Issues Warning About External Security Threat to ShareFile

Data Security Threat at Progress Software Underscores Vulnerabilities in File Storage Solutions The recent alarm...

Governments to Enterprises: Enhance Your Router Security Practices

Cybersecurity Vulnerabilities Rise as Actors Exploit Cisco Flaws Recent reports have highlighted a concerning trend...

Small AI Models Reduce Data Classification Costs

Advances in Small Language Models: Sentra CEO Yoav Regev Highlights New Possibilities In a recent...