Will Developing Nations Turn to Cybercrime to Fuel Their Economy?

Vietnam is one developing nation believed to be using cyberattacks to generate money

As banks and financial institutions are increasingly targeted by financially motivated malicious actors the world over, protecting these organizations from cyberthreats is increasingly important, yet expensive. While developed and more affluent nations are able to invest in external-facing security systems, those financial organizations in developing countries are more vulnerable to attack, according to a new report published by IntSights.

The Banking and Financial Services Threat Landscape Report found that banks and financial services organizations were targeted in 25.7% of all malware attacks last year, more than any of the other 27 industries tracked.

In the last year, threat actors have most frequently targeted banks and financial institutions in developing regions of the world. Those organizations in Latin America, Africa and parts of Asia that are lacking external facing security capabilities, are far more susceptible to attack. According to Charity Wright, former NSA and a threat intelligence research analyst at IntSights, cybercriminals are able to exploit financial institutions in developing nations rather easily, which could prove problematic for the global threat landscape.

The Consequence of Limited Resources

While the web is bereft of boundaries, the digital world mirrors the geopolitical and economic landscape of the physical world. Financial institutions in developing nations may be leveraging mobile banking, but the lack of comprehensive security systems has left organizations in developing nations “bleeding out money,” Wright said.

The issue is limited resources. In 2018, Kenya suffered an estimated loss of $297.9 million to fraud and cyberattacks. Not surprisingly, banks were among the top victims, the report said. Last year also saw a cyberattack on a bank in Pakistan, in which criminals were able to steal 2.6 million Rupees from customer accounts. Then the second largest bank in India lost $13.5 million because of unauthorized interbank transactions.

Organizations that are running legacy systems without the means to keep those systems up to date are prime targets for malicious actors. Cybercriminals are known to go after the lowest hanging fruit, and “with fewer barriers, cybercriminals are able to exploit organizations in developing nations with far greater ease,” the report said.

Even those countries that are able to adopt new technologies are vulnerable because, “in many cases, cybersecurity efforts have lagged behind advances in business operations, leaving organizations in this region to guard expansive attack surfaces without the necessary defense resources.”

When Cyber Levels the Wrong Playing Field

Of great concern is the potential for malicious actors in these developing nations to see cyber as a way to level the playing field. “They look to larger countries like China and see that the economy is fueling the cyber world, but they are also starting to see that cyber can fuel the economy,” Wright said, adding that Vietnam’s growing threat landscape is a prime example.

Wright authored research that looked specifically at the rising cyberthreats from Vietnam and found that “[r]ecent investments in the domestic development of technology have attracted skilled tech workers from foreign countries to Vietnam. This rapid economic growth and expansion naturally attracts undesirable attention in the form of cybercrime and cyber espionage.”

As the cybercriminal landscape of Vietnam has evolved, Wright said she has seen an uptick in threat actors targeting foreign multinational organizations operating inside Vietnam. “One group [APT 32, also known as Ocean Lotus] appears to be acting in support of Vietnam’s interests by creating economic advantages through cyberattacks on competitors.”

Cambodia is notably one of those competitors targeted by the group. Last year, OceanLotus was believed to have carried out cyberattacks on foreign nations who have the potential to threaten Vietnam’s economy. The report cited evidence of additional attacks on global organizations, including Toyota, suggesting that OceanLotus could be associated with the Vietnamese government and that its goal is to disrupt the business operations of their competitors.

“Cyber warfare is an opportunity to level the playing field. Vietnam has the potential to develop into a cybercriminal outpost,” Wright wrote. “Increasing numbers of Vietnamese internet users are choosing anonymity through the deep and dark web, and are seeking information on cryptocurrencies, dark web usage, and access to cybercrime jobs.”  

Kacy Zurkus

Avatar photo

Kacy Zurkus

Prior to joining RSA Conference as a Content Strategist, Kacy Zurkus was a cybersecurity and InfoSec freelance writer as well as a content producer for Reed Exhibition's security portfolio. Zurkus was a regular contributor to Dark Reading, Infosecurity Magazine, Security Boulevard and IBM's Security Intelligence. She has also contributed to several industry publications, including CSO Online, The Parallax, and K12 Tech Decisions. During her time as a journalist, she covered a variety of security and risk topics and also spoke on a range of cybersecurity topics at conferences and universities, including Secure World and NICE K12 Cybersecurity in Education. Zurkus has nearly 20 years experience as a high school teacher on English and holds an MFA in Creative Writing from Lesley University (2011). She earned a Master's in Education from University of Massachusetts (1999) and a BA in English from Regis College (1996). In addition, she's also spoken on a range of cybersecurity topics at conferences and universities, including SecureWorld Denver and the University of Southern California.

kacy-zurkus has 62 posts and counting.See all posts by kacy-zurkus