
SWIFT inter-bank transfer system attacked for the fourth time


May 27, 2016

For the fourth time this year alone, a bank has been attacked by hackers targeting the SWIFT inter-bank transfer system, this time in the Philippines.

Security researchers at Symantec confirm that the same group blamed for the infamous $81 million Bangladesh central bank mega-heist back in February also mounted an earlier assault in the Philippines last year, itself part of a rapidly growing list of online assaults aimed at banks.

The same hacker group was also blamed for the theft of $12 million from an Ecuadorian bank, Banco del Austro SA.

Related strains of malware featured in several other attacks against these various banks, suggesting that the same group is behind multiple assaults, as Symantec explains.

Symantec has identified three pieces of malware which were being used in limited targeted attacks against the financial industry in South-East Asia: Backdoor.Fimlis, Backdoor.Fimlis.B, and Backdoor.Contopee.

At first, it was unclear what the motivation behind these attacks was. However, code sharing between Trojan.Banswift (used in the Bangladesh attack to manipulate SWIFT transactions) and early variants of Backdoor.Contopee provided a connection.

Wiping code used to cover up the banking assaults matches that which featured in the Sony Pictures attacks, Symantec’s researchers discovered.

This commonality of tactics, techniques and procedures has allowed the security firm to point the finger of blame for the SWIFT bank hacks towards the same hackers who ransacked Sony Pictures' network in 2014.

Symantec believes that the distinctive code shared between families, and the fact that Backdoor.Contopee was being used in limited targeted attacks against financial institutions in the region, mean that these tools can be attributed to the same group.

Backdoor.Contopee has been previously used by attackers associated with a broad threat group known as Lazarus.

Lazarus has been linked to a growing string of aggressive attacks over the past seven years, largely focused on targets in the United States and South Korea.

The group was linked to Backdoor.Destover, a highly destructive Trojan that was the subject of an FBI warning after it was used in an attack against Sony Pictures Entertainment.

The FBI concluded that the North Korean government was responsible for this attack.

Evidence is emerging that the SWIFT (Society for Worldwide Interbank Financial Telecommunication) attacks began as far back as October 2015, when the Philippines bank was first hit, two months prior to the discovery of the failed attack on Tien Phong Bank in Vietnam.

Some of the tools used against the Philippines bank share code similarities with malware used in historic attacks linked to a threat group known as Lazarus, the group behind the Sony Pictures breach. The U.S. government has consistently blamed North Korea for the Sony Pictures hack back in November 2014.

Symantec’s findings (which are backed up by earlier research by BAE Systems) point the finger of blame for a growing run of attacks against banks worldwide towards North Korea.

With SWIFT victimized by a rapidly growing list of malfeasance, chief executive Gottfried Leibbrandt announced numerous security upgrades and better information sharing for the inter-bank transfer system earlier this week.

SWIFT still maintains that the security issues lie with the affected banks. It has said that their systems must have been compromised and credentials stolen, while acknowledging that it needs to do more to fight bank fraud.

The recent hacker attacks highlight numerous security concerns about the cross-border payments system, as detailed in an informative feature by The Economist on SWIFT’s cybersecurity issues that was published last week.

Source: Symantec.

Copyright © Internet Security.ca