A new group of hackers is trying to rob banks by exploiting the SWIFT money transfer system, using the same plan and techniques that led to the $81 million Bangladesh Bank heist in February, according to researchers at the security firm Symantec.
The Hackers' Main Method
Apparently, the tools they're using are related to the Odinaff Group, which has targeted financial companies in the U.S., Hong Kong, Australia and many other countries. Symantec explained that about 100 financial institutions have been hit so far by this second hacking group since January, based on the 74 individual computer infections detected.
The hackers' main method consists of using malware to watch SWIFT messages sent to infected computers to obtain bank account numbers. The most incredible part of the attack is that when a message containing a targeted text string is intercepted, the hackers move it out of the local file system with some kind of suppressor component, preventing their victims from learning about the money theft, as reported by IBT.
The Carbanak Group
Although it was believed that these actions could be the work of the Lazarus group (the North Korean-affiliated group blamed for the Bangladesh heist and the Sony Pictures hack), security experts think that the real actors are a cybercriminal group known as Carbanak, which has allegedly stolen more than $1 billion from some nations, according to Computer World.
Although it is not known how they do their tracking, Symantec explained that to perform this operation effectively, the hackers must be using a range of lightweight hacking tools and legitimate software, in addition to a backdoor Trojan called Odinaff.
"This is a shift from previous attacks that have been more focused on stealing from banking customers. After the success of the first SWIFT hack, it's unsurprising to see the headlines doing the rounds again and I'd be shocked if this is the last we see of it," Kevin Bocek, chief cybersecurity strategist at Venafi, told IBT.