
Comodo: Hackers Use SWIFT Financial Messages to Hide Malware Attacks


Cybercriminals are using Society for Worldwide Interbank Financial Telecommunication (SWIFT) messages to disguise malware attacks, according to the Comodo Threat Research Lab.

Threat researchers discovered malware attacks that use SWIFT messages to ask recipients to provide a "wire bank transfer to designated bank account," Comodo said in a prepared statement. The messages also recommended recipients open attachments for further details about wire transfer requests.

A Closer Look at the SWIFT Malware Attacks

With the SWIFT malware attacks, cybercriminals sent SWIFT messages to penetrate end users' systems, modify system registries and spawn malicious processes, according to Comodo.

Hackers used the SWIFT malware attacks to look for antivirus, forensic, monitoring and anti-adware tools, Comodo indicated. They then deployed malicious executable files and connected with a domain in a hidden Tor network.

In addition, cybercriminals deployed the SWIFT malware attacks to try to disable the Windows restore option on users' systems, Comodo said. They also attempted to deactivate the Windows User Account Control feature; this feature prevents Windows from installing a program without a user's permission.

Why Did Hackers Launch the SWIFT Malware Attacks?

Hackers likely used the SWIFT malware attacks to "cyberspy" and collect information about enterprise networks and endpoints, Comodo noted. Then, hackers could use this information to create custom malware to bypass an enterprise's defense mechanisms.

Furthermore, there may have been a psychological element behind the SWIFT malware attacks, according to Comodo.

SWIFT messages enable financial professionals to securely transmit information and instructions through a standardized system of codes. The messages often cause emotional arousal because they involve money and bank account affairs, Comodo indicated. As such, financial professionals sometimes act quickly to open SWIFT messages, which increases the likelihood that a recipient will click on an infected file.

What Is SWIFT?

The SWIFT financial messaging system was launched in 1977 and assigns each financial organization a unique code of eight or 11 characters. It uses standardized messages and reference data between financial institutions to facilitate automation, reduce costs and mitigate risk.

SWIFT represents the primary communications channel for financial institutions engaged in correspondent banking. Today, SWIFT messages are used by more than 11,000 banking and security organizations, market infrastructure and corporate customers in more than 200 countries and territories.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.