Global financial systems using SWIFT have now been attacked by a second group. This exploit follows on the heels of an earlier attack which spirited $81 million from a Bangladeshi bank. Vulnerable encryption is likely the entry point for both attacks, which used a backdoor Trojan developed for the Dark Web by the Odinaff group. According to Symantec, Odinaff connects to a remote host and can download RC4-encrypted files and execute them.
Once hackers are able to eavesdrop on encrypted traffic, they can then monitor SWIFT messages sent to infected computers for bank account numbers or other keywords relating to specific transactions. International Business Times summarizes the attack in the following way: “When a message that contains a targeted text string is intercepted, the hackers use a ‘suppressor’ component to drive it out of the local file system to prevent it from being seen or recovered by the intended recipient.”
Both of these attacks on the SWIFT system highlight the need to rethink outdated security systems, especially when it comes to inspecting encrypted traffic. In an article in Information Security Buzz, Venafi Chief Strategy Officer Kevin Bocek comments, “The SWIFT system was state-of-the-art when it was created two decades ago, but in cybersecurity and fraud prevention, 20 years might as well be a millennium. A complete rethink of outdated payments architectures, including SWIFT, is long overdue.”
Find out why the SWIFT attacks should be a wake-up call for organizations everywhere. Read the rest of the article to learn why Kevin Bocek recommends that you reinforce the systems of trust in your organization.