Hackers who succeeded it penetrating the Websites of several Polish banks last week appear to be behind a wave of malware attacks that have targeted banks in 31 countries since the end of last year.
The attackers used compromised websites or “watering holes” to infect pre-selected targets with previously unknown malware, says security researchers at Symantec.
The attacks came to light when a bank in Poland discovered previously unknown malware running on a number of its computers. The bank then shared indicators of compromise (IOCs) with other institutions who subsequently confirmed that they too had been compromised.
The source of the attack appears to have been the website of the Polish financial regulator, which was compromised to redirect visitors to an exploit kit which attempted to install malware on selected targets.
Symantec says that since October last year it has blocked attempts to infect customers in Poland, Mexico and Uruguay by the same exploit kit that infected the Polish banks.
The attackers appear to be using compromised websites to redirect visitors to a customised exploit kit, which is preconfigured to only infect visitors from approximately 150 different IP addresses, says the security group. These IP addresses belong to 104 different organisations, mostly banks, located in 31 different countries.
Analysis of the malware is still underway, but some code strings bear similarities to those used by the threat group known as Lazarus, which has been linked to a string of aggressive attacks since 2009, including the infamous take-down of Sony Pictures.
Symantec says some of the tools used in the Bangladesh bank heist shared commonalities with malware used in historic attacks linked to the group.
Says Symantec: „After a series of high profile attacks on banks during 2016, this latest incident provides a timely reminder of the growing range of threats facing financial institutions.”
According to The Wall Sreet Journal, cyberattacks on international banks show links to hackers who hit Sony. „Cybersecurity specialists have found evidence suggesting that recent attacks on institutions in Poland are part of an international hacking effort targeting financial institutions in the U.S., Mexico and the United Kingdom—an attack that shares traits with the 2014 attack on Sony Corp.”
Source: finextra.com
Banking 4.0 – „how was the experience for you”
„So many people are coming here to Bucharest, people that I see and interact on linkedin and now I get the change to meet them in person. It was like being to the Football World Cup but this was the World Cup on linkedin in payments and open banking.”
Many more interesting quotes in the video below:
