Lazarus Group's Latest Target: Windows IIS Servers

Photo by: Image by VIN JD from Pixabay
By Tomás Lujambio | Journalist & Industry Analyst - Wed, 05/31/2023 - 10:22

The evolving landscape of the 21st century has witnessed a substantial integration of technology into the fabric of businesses and governments, amplifying the scale and severity of cyberattacks. Consequently, various countries worldwide now face heightened risks from such cyberattacks, and Mexico is no exception. In a recent statement, Mexican cybersecurity startup SILIKN warned about vulnerabilities in the systems used by several Mexican government institutions.

The Mexican government is at risk of potential cyberattacks in light of the latest hacking campaign orchestrated by the Lazarus Group, says Victor Ruiz, Founder, SILIKN. The North Korean cybercriminal organization has been active since the early 2000s, but its current operations carry greater implications than ever. In today's technologically driven landscape, where nearly every piece of information relies on vulnerable algorithms, constant innovation is essential to keep pace with and battle against technological advancements such as artificial intelligence (AI). 

According to recent data analyzed by SILIKN, companies using Windows IIS web servers have become particularly susceptible to cyberattacks due to recent vulnerabilities. The Lazarus Group has exploited these gaps and devised a method to implant malware into inadequately patched Windows web servers. The repercussions of this malware are even more significant in Mexico, where numerous government agencies remain at risk of cyberattacks, Ruiz cautioned. Prominent entities like the Judicial Council of Mexico City (CJCDMX), the Ministry of Environment and Natural Resources (SEMARNAT), the National Institute of Ecology and Climate Change (INECC), the Mexican Social Security Institute (IMSS) and the Institute of Security and Social Services for State Workers (ISSSTE), among others, currently lack sufficient defense against these sophisticated threats, he adds.

Promptly applying and updating the relevant security patches on Windows IIS servers would be a critical first step in countering the threat posed by the Lazarus Group. For now, it is understood that the vulnerabilities within Windows servers, commonly referred to as Log4Shell vulnerabilities, encompass a critical security flaw that allows hackers to execute malware without requiring physical access to the compromised device. That, however, is the danger of such a vulnerability: one can suffer from it without even noticing it.

The Lazarus Group has achieved global notoriety for its cyberattacks. In 2016, it infamously orchestrated a theft of nearly US$81 million from the National Bank of Bangladesh. Furthermore, the group was responsible for the high-profile exposure of Sony's confidential information in 2014, as well as the corruption of over 300,000 computers worldwide in 2017. Given the group's track record, it would be imprudent to assume that Mexico could withstand such attacks without external assistance.

It is vitally important for the Mexican government to be able to respond to such attacks, given the vulnerability of numerous governmental entities. To that end, Ruiz suggests that vulnerable governments and companies should consider monitoring for abnormal processes. He also suggests deploying precautionary measures to prevent future cyberattacks that could lead to the leakage of confidential and sensitive information. Needless to say, the price to pay for such exposure could be catastrophic and quite expensive for the hypothetical victims of the Lazarus Group.

Numerous companies and government institutions have lost millions from cyberattacks in Mexico and abroad, and the threat is only expected to worsen. “The question is not if a business or government agency will face an attack but rather when and if that business will have the cyber capacity and systems in place to defend itself”, writes Jesús González, General Director, Apollo X, in MBN.
