A second group of hackers have broken into the SWIFT interbanking network, the platform of the global financial payments system, according to a report from security firm Symantec.
A group of hackers, going by the moniker ‘Odinaff’ have broken into the SWIFT system, using an approach similar to that when hackers stole $81 million from the Bangladesh central bank, making for an infamous cyberheist earlier this year.
A Symantec security researcher revealed that the group used a namesake malware called Trojan.Odinaff, targeting a number of financial institutions around the world since January 2016 in multiple discreet campaigns.
Organizations and financial institutions in the banking, securities, trading and payroll sectors are all targeted. So too, are service providers that support these industries.
It’s yet unknown if these attacks are successful, or if they are, to what extent. The amount of money lost or stolen, is also unknown. What is known, however, is that the tools used alongside Odniaff bear hallmarks of those used by a sophisticated hacker who has continually targeted and bled the financial industry since the 2013-Carbanak malware.
The advisory from Symantec added:
Although difficult to perform, these kinds of attacks on banks can be highly lucrative. Estimates of total losses to Carbanak-linked attacks range from tens of millions to hundreds of millions of dollars.
The malware is typically spread through spear-phishing emails that come embedded with rogue and malicious macros. RAR archives that are password-protected are also used as an effective delivery mechanism.
The United States is the country most targeted by Odniaff attacks since January 2016. Hong Kong, Australia, the United Kingdom and Ukraine follow after.
A small number of attacks scaled beyond the financial sector to target organizations in healthcare, government, legal and securities.
Still, banks and financial institutions are most at risk, due to the frequency in which money is transmitted in the industry.
“The discovery of Odinaff indicates that banks are at a growing risk of attack. Over the past number of years, cybercriminals have begun to display a deep understanding of the internal financial systems used by banks,” noted the Symantec researcher, who added:
They have learned that banks employ a diverse range of systems and have invested time in finding out how they work and how employees operate them. When coupled with the high level of technical expertise available to some groups, these groups now pose a significant threat to any organization they target.