Back from the Dead: Banks on the Brink!
There is grave speculation in security circles that the “Lazarus crew”, supposedly responsible for the “Sony Hack”, is back from the dead. Banks in South and South East Asia are witnessing attacks of a kind never seen before. Even before the jaw-dropping hack of millions of dollars from an account belonging to Bangladesh using SWIFT software, it seems the same group had made off with an awful amount of cash from a bank in the Philippines in 2015.
Forensic investigation has now traced even the $12m heist from Banco del Austro SA, a bank in Ecuador, to the same team that is responsible for the present attacks.
Symantec, the security firm, has managed to identify the malware responsible for smaller-scale attacks on financial services in South-East Asia: Backdoor.Fimlis, Backdoor.Fimlis.B, and Backdoor.Contopee.
Though the motive for these lame hacking attempts was not apparent initially, it seems that they were trial runs for bigger attacks in the future. This was made crystal clear by the similarity between the code used in Trojan.Banswift (which hackers used for the SWIFT transaction hack on the Bangladesh account) and early variants of Backdoor.Contopee.
Further, what is interesting is that the wiping code used to clear the traces of the attack is similar to that used in the Sony Hack, which feeds the speculation that the Lazarus team is back in action.
That is cause for concern, as the Anonymous group has already declared war on the banking system, though the goals of the two hacking groups are quite different. This brings into question the credibility of interbank transaction security such as that of SWIFT.
Though SWIFT has tried to shift the blame quickly to weaknesses in the banks' own IT and security infrastructure, such as firewalls, this passing of the blame is only going to encourage more hackers to get into the play, as there is a lot of money to be made.