Many people will recall the attacks conducted against the SWIFT payment network earlier this year. Even though SWIFT itself was never breached during these attacks, connected banks proved to be a security risk. Symantec has uncovered a plot by a second group of hackers looking to target the payment network. By using the Odinaff Trojan, the Carbanak cybercrime group may become a significant concern.
Hackers Continue To Target The Financial System
Identifying security concerns at an early stage is of the utmost importance. Symantec, one of the world’s leading cyber security firms, has identified a potential threat to the SWIFT network. Unlike what some people might expect, this is a different risk from what has happened earlier this year.
The year 2016 has not been a good one for traditional finance so far. Several cyber heists targeted banks connected to the SWIFT network resulting in tens of millions of dollars being stolen. But Carbanak is planning to do things a bit differently, as they have been fine-tuning their banking trojan named Odinaff. So far, the group has attempted to breach several networks of organizations, most of which are active in the financial sector.
As Swift investigated the matter further, it became apparent that the collective has attempted to attack SWIFT network users. Odinaff will exploit weaknesses in the interface between SWIFT and the systems of participating banks. No specifics were revealed at this time, though, and no one knows if any of these attempts have been successful so far.
But there is more, as the Carbanak collective is also deploying malware to mask fraudulent transactions. Customer messages are being monitored for keywords related to specific transactions. If a match occurs, the log in question is then removed from the local SWIFT software environment. This is a very sophisticated approach to hiding illegal activity, but one that will go by unnoticed for quite some time.
It has to be said that using Odinaff requires a lot of effort on behalf of the hackers. Symantec discovered that dedicated backdoors have to be built to suit a particular purpose. Moreover, the Trojan targets computers of strategic importance, which requires a proper analysis of the entire bank network itself. While these attacks are targeted, they are well-coordinated and may involve several dozen people to pull off successfully.
Symantec researchers have also uncovered and identified three command-and-control servers. The IP addresses linked to these servers are correlated to the previously reported campaigns executed by the Carbanak collective. While this is not conclusive evidence that the group is behind this new SWIFT campaign, it is hard to ignore the connection.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.