Second Hacker Group Targets SWIFT Users, Symantec Warns (reuters.com)
A second hacking group has sought to rob banks using fraudulent SWIFT messages, cyber security firm Symantec said on Tuesday. The group is said to be using the same approach that resulted in the theft of $81 million in the high-profile February attack on Bangladesh's central bank. From a Reuters report: Symantec said that a group dubbed Odinaff has infected 10 to 20 Symantec customers with malware that can be used to hide fraudulent transfer requests made over SWIFT, the messaging system that is a linchpin of the global financial system. Symantec's research provided new insight into ongoing hacking that had previously been disclosed by SWIFT. SWIFT Chief Executive Gottfried Leibbrandt last month told customers about three hacks and warned that cyber attacks on banks are poised to rise. SWIFT and Symantec have not identified specific victims beyond Bangladesh Bank. Symantec said that most Odinaff attacks occurred in the United States, Hong Kong, Australia, the United Kingdom and Ukraine.
This is the same thing that happens with networks like SCADA systems, supposedly "air-gapped" networks, etc. Even if there is no physical access to the network, it can totally be defeated by a USB key. I'm sure SWIFT has tons of security in place to protect the actual transaction, but lots of these systems that I've seen over the years have relied on the fact that they're typically isolated, which means very little these days. Because the networks are isolated, it becomes more of a pain to apply patches and updates, and network owners are less likely to bother because of this. And in the case of the SCADA stuff or a vertical-market company that doesn't really have much competition, there's little incentive for the device manufacturer or network owner to do any maintenance or write secure code in the first place.
It's kind of sad, but any networked system these days has to assume that anyone accessing it, whether inside or outside the company perimeter, is attacking it. Too many companies assume that if a machine is plugged into the "inside" network, it's safe. Changing access policies is a hard sell though, so places keep doing it and keep getting compromised.