The global interbank messaging system, which is used to move trillions of dollars each day and has quickly become a prime target of hackers, experienced yet another attack by a hacking group. In this week’s Hacker Tracker, we explore why hackers continue to have their eyes fixed on SWIFT and what other organizations are also working to fight off their malicious advances.
According to a report from cybersecurity firm Symantec, the attack mirrors tactics used by the unidentified group that orchestrated an $81 million hack of Bangladesh’s central bank earlier this year.
The new group, called Odinaff, is believed to be comprised of 10–20 organizations armed with malware that can hide fraudulent transfer requests in the SWIFT system. The release comes as no surprise, considering SWIFT warned customers and global banks earlier this year that attacks were on the rise.
“The emergence of new possible instances of compromise is not entirely surprising given that banks should now be undertaking rigorous reviews of their environments. Many may turn out to be false positives and/or have nothing to do with SWIFT messages, but it is key that these reviews take place and banks’ environments are secured,” the Brussels-based interbank cooperative said in a statement in May.
Despite the organization’s claims to examine new cybersecurity tech, seek external guidance on cybersecurity improvements and even launch a new plan to stop fraudulent transfers faster, hackers just aren’t letting up.
No new specific victims were named by either SWIFT or Symantec, though Symantec did confirm that Odinaff attacks are typically centered in the U.S., Hong Kong, Australia, the U.K. and Ukraine.
The Odinaff malware campaign is one that’s been targeting a number of financial organizations around the world since the beginning of this year.
In a blog post, Symantec said the attacks appear to be “extremely focused” on companies operating in the banking, securities, trading and payroll industries. Companies that provide support services to those industries also appear to be targets.
“Odinaff is typically deployed in the first stage of an attack, to gain a foothold onto the network, providing a persistent presence and the ability to install additional tools onto the target network,” wrote Symantec in the post. “These additional tools bear the hallmarks of a sophisticated attacker, which has plagued the financial industry since at least 2013 — Carbanak. This new wave of attacks has also used some infrastructure that has previously been used in Carbanak campaigns.”
Hackers Get Fashionable
The payment system of handbag company Vera Bradley may have been compromised by a massive data breach last month.
The Fort Wayne-based retailer confirmed that it was notified on Sept. 15 by the FBI that a “potential data security issue” was discovered in its retail network, spokeswoman Julia Bentley told Reuters.
The hackers may have gained access to customer data, including card numbers, cardholder names, expiration dates and internal verification codes. Those who shopped at the retailer between July 25 and Sept. 23 could be impacted.
The company launched its own internal investigation, which showed that an unauthorized program was installed into its payment system.
As a result of the hack, there was a significant lag reported during the company’s attempt to upgrade its system before the holiday season arrived. Vera Bradley has yet to release exactly how many cards used in its stores were affected by the possible breach, but no cards used through the company’s website were involved. The company has 112 stores and 44 factory outlets.
IoT Sparks Stolen Password Test
Consumers aren’t the only ones enjoying the advancing technologies and capabilities that have come with the growing Internet of Things sector.
A new report from Akamai Technologies found that hackers are using connected devices against their owners by turning them into a place to perform mass tests of stolen login credentials.
According to the company’s research, hackers will spend months at a time using millions of “smart” devices to see if stolen passwords are usable on more than one site. The new type of hacking, called “credential stuffing campaigns,” is expanding to a growing number of affected devices.
“Once malicious users access the web administration console of these devices, they can then compromise the device’s data and, in some cases, take over the machine,” Akamai researchers wrote in their report. They noted that the vulnerability isn’t new but has resurfaced with the proliferation of connected devices and said they are working with some of the biggest device vendors on “a proposed plan of mitigation.”
The news comes amid concerns that weaknesses in the factory settings of connected devices give hackers an easy tool by which to access websites illegally. Akamai’s research showed smart devices could be manipulated using the Secure Shell protocol, better known as SSH.