[Asia Economy Reporter Kim Min-young] Over the past three months, approximately 1% of emails related to the novel coronavirus infection (COVID-19), about 73,000 cases, were identified as suspected malicious emails. Fortunately, no serious threats to the financial sector have been detected.
The Financial Security Institute announced a report on COVID-19 threat trends in the financial sector on the 29th, containing these findings.
According to the report, the Financial Security Monitoring Center under the Financial Security Institute analyzed all 6.8 million COVID-related emails from February to April and found about 73,000 suspected malicious emails, accounting for approximately 1%.
Of these, 90% were confirmed to induce access to phishing sites related to mask sales, while others involved financial fraud such as virtual currency donation requests impersonating the World Health Organization (WHO), and malware distribution attacks using attachments.
Analysis of the IP addresses sending the suspected malicious emails revealed that emails were sent from a total of 3,827 IPs across 107 countries, with Turkey (62%) and the United States (10%) being the countries with the highest volume of sent emails, according to the Security Institute.
The Security Institute stated that four advanced persistent threat groups (Kimsuky, Tonto, Connie, Macau) were identified as conducting attacks targeting South Korea. The Kimsuky, Tonto, and Connie groups sent phishing emails with malware attachments, while the Macau group distributed malicious apps through smishing to attempt information theft. Notably, the Connie group, which conducts spear-phishing attacks on North Korea-related topics, disguised malware distribution as documents recommending mask use related to COVID-19.
However, although cyberattacks exploiting COVID-19 are rapidly increasing, no serious threat cases to financial companies have been identified so far.
The Security Institute plans to incorporate the types of COVID-19-related cyberattacks analyzed this time into the ‘Financial Sector Cyber Incident Response Training’ currently being conducted for 185 financial companies since last month, and will continuously enhance the financial sector’s detection, response, and recovery capabilities against increasingly sophisticated and advanced cyberattacks and the latest cyber threats. Kim Young-gi, head of the Security Institute, stated, “We will actively support the financial sector to enable proactive responses to cyber threats exploiting COVID-19.”
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
