Organizations in the banking and financial sector are primary targets for cybercriminals. Several industry experts have stated that this sector suffers a more constant stream of cyberattacks than other sectors. Recently, several U.S. federal agencies warned about a hacking group, “BeagleBoyz,” linked to North Korea and accused of stealing money from international banks using malicious remote access tools. The group targeted global banks and financial institutions across more than 30 countries, including Argentina, Brazil, Bangladesh, Ecuador, Ghana, India, and Indonesia.
The joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), the FBI, and U.S. Cyber Command (USCYBERCOM) stated that the agencies have identified malware and indicators of compromise (IOCs) used by the North Korean hackers to make fraudulent money transfers and carry out ATM cash-outs. The advisory warned of the cyberthreats the North Korean hackers pose to global banking and financial institutions.
History of BeagleBoyz’s Bank Heists
The BeagleBoyz group is part of the North Korean government’s Reconnaissance General Bureau and is said to have been active since 2014. It is estimated that BeagleBoyz has stolen nearly $2 billion since 2015 by manipulating critical computer systems at banks and financial institutions. In 2018, a bank in Africa halted its ATM and point-of-sale services for two months after BeagleBoyz compromised its systems. Also in 2018, the group deployed wiper malware against a bank in Chile, compromising thousands of computers and servers in order to send fraudulent messages from the bank’s SWIFT terminal.
BeagleBoyz Attack Method
Measures to Counter Cyberthreats
The agencies advised organizations to follow certain practices to strengthen their security posture, which include:
- Implement chip and PIN requirements for debit cards.
- Require and verify message authentication codes on issuer financial request-response messages.
- Perform authorization response cryptogram validation for chip and PIN transactions.
- Maintain up-to-date antivirus signatures and engines.
- Keep operating system patches up to date.
- Disable file and printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
- Restrict users’ ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators’ group unless required.
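The second and third measures above come down to one control: the acquiring switch must be able to prove that an issuer authorization response is genuine and belongs to the request it sent, so that a tampered or replayed “approved” response is rejected before cash is dispensed. The following is an added illustration written for this article, not code from the advisory or from any bank; the field names are ISO 8583-style but hypothetical, and the key is a constructed sample (a real MAC key lives in an HSM).

```python
import hmac
import hashlib

# Constructed sample key for the demo only; production keys stay inside an HSM.
MAC_KEY = bytes.fromhex("00112233445566778899aabbccddeeff"
                        "00112233445566778899aabbccddeeff")


def canonical(fields: dict) -> bytes:
    """Deterministic serialization so issuer and acquirer MAC identical bytes."""
    return "|".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()


def mac_response(fields: dict, key: bytes = MAC_KEY) -> dict:
    """Issuer side: attach an HMAC-SHA256 over every field of the response."""
    msg = dict(fields)
    msg["mac"] = hmac.new(key, canonical(fields), hashlib.sha256).hexdigest()
    return msg


def verify_response(msg: dict, expected_stan: str, key: bytes = MAC_KEY) -> bool:
    """Acquirer/switch side: accept only if the MAC verifies and the response
    is bound to the STAN (trace number) of the request we actually sent."""
    received = msg.get("mac")
    if received is None:                      # unauthenticated response: reject
        return False
    body = {k: v for k, v in msg.items() if k != "mac"}
    expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, received):   # constant-time compare
        return False
    return body.get("stan") == expected_stan  # replay of another response fails


def demo() -> tuple:
    # Hypothetical withdrawal request: 500.00 USD (amount in minor units).
    request = {"stan": "000123", "pan_last4": "1234", "amount": "50000", "currency": "840"}
    # Issuer declines: response code 05 ("do not honor").
    genuine = mac_response({**request, "response_code": "05"})
    ok_genuine = verify_response(genuine, "000123")
    # An attacker on the network path flips the decline to 00 ("approved").
    tampered = dict(genuine)
    tampered["response_code"] = "00"
    ok_tampered = verify_response(tampered, "000123")
    # A genuine earlier response replayed against a different request.
    ok_replayed = verify_response(genuine, "000124")
    return ok_genuine, ok_tampered, ok_replayed


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```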
“Any BeagleBoyz robbery directed at one bank implicates many other financial services firms in both the theft and the flow of illicit funds back to North Korea. BeagleBoyz activity fits a known North Korean pattern of abusing the international financial system for profit. Fraudulent ATM cash-outs have affected upwards of 30 countries in a single incident. The conspirators have withdrawn cash from ATM machines operated by various unwitting banks in multiple countries, including in the United States,” the advisory said.