Recall the US$81m cyber-heist by the Lazarus group in 2016? We are reminded that threat intelligence is critical for solid cybersecurity.

In view of the heavy attack on the financial sectors in the region, Southeast Asian (SEA) enterprises need to beef up defenses against sophisticated cybercrime groups such as the Lazarus group.

Lazarus is the infamous cybergang allegedly behind the multi-million Bangladesh bank heist that involved US$81 million of losses, multiple lawsuits, reputational losses, heavy fines, one indictment and arrest, and several top bank officials’ resignations and even terminations.

Cybersecurity firm Kaspersky has revealed that malware samples relating to Lazarus group activity have appeared in financial institutions, casinos, software developers for investment companies, and crypto-currency businesses in several countries globally, including Indonesia, Malaysia, Thailand and Vietnam, among others.

Said Yeo Siang Tiong, General Manager for Southeast Asia, Kaspersky: “The past offers us warnings which we must heed to be able to build a safer (present). This applies to the financial sector and all other organizations especially when it comes to cybersecurity. More than four years after the world has witnessed one of the most successful cyber-heists to date, it is essential for banks and related institutions in Southeast Asia to understand how they can leverage on threat intelligence to foil any sophisticated attempts against their systems.”

Tiong cited that Kaspersky cybersecurity researchers have been monitoring the Lazarus group closely for years. By tapping this threat intelligence, SEA enterprises can detect Lazarus-linked attackers going forward. “We can block them, analyze the malicious file, and alert the organization’s IT team on which tactics and techniques to look out for based on the group’s previous attack behavior, saving possible multi-million losses financially and professionally,” he said.

Aside from offering extensive Lazarus threat intelligence, Kaspersky also noted the importance of the human factor when it comes to securing financial systems. The firm cited a report that proved the cyber-heist started with a series of spear phishing emails, one of which was eventually clicked by an unsuspecting bank employee, leading to massive consequences.

Although often intended to steal data for malicious purposes, spear phishing can lead to the installation of malware for even more extensive attacks. The threat of phishing and spear-phishing remains present as Kaspersky’s network has detected 40,511,257 during the first five months of 2020, globally.