The G7 group of industrialised nations has agreed a new framework of guidelines aimed at protecting the word financial sector from cyber threats, as hackers increasingly look to target banks directly.
Responding to multiple cyber breaches at large banking institutions linked to the global SWIFT payments network after $81 million (€73.5 million) was stolen from the central bank of Bangladesh, the new framework seeks to encourage companies and national regulators to view cyber security from a risk management perspective.
“Increasing in sophistication, frequency, and persistence, cyber risks are growing more dangerous and diverse, threatening to disrupt our interconnected global financial systems and the institutions that operate and support those systems,” the guidelines say.
“To address these risks, [these]… nonbinding, high-level fundamental elements are designed for financial sector private and public entities to tailor to their specific operational and threat landscape, role in the sector, and legal and regulatory requirements.”
According to Federal Reserve Vice Chairman Stanley Fischer, the guidelines are intended to address the weakest links in the international financial architecture, and will act as a crucial step towards strengthening global financial systems.
The announcement came as cyber security experts at Symantec warned that a hacking group called Odinaff is continuing to target banks with a trojan designed to explore and exploit compromised networks, seeking out backdoors that can be used to facilitate fraudulent transfer requests using the SWIFT system. The trojan, which is thought to have been used in the Bangladesh attack, has targeted financial institutions in countries including Britain, the US, Australia, Hong Kong and Ukraine, according to Symantec.
The cyber scammers behind the Odinaff trojan typically trick bank employees into downloading the malware onto their companies’ systems by hiding it in documents containing malicious macros. Although macros are turned off by default in Microsoft Word, recipients are encouraged to enable them so as they can view content in the infected files.
Symantec has warned that the discovery of Odinaff trojan suggests that highly-skilled cyber criminals are studying how banking systems work, and focussing on how they can target financial workers with a view to tricking them into downloading malware onto their employers’ networks. The company says these methods mirror those used the Carbanak gang, which started looking for ways into banking systems back in 2013.
“The discovery of Odinaff indicates that banks are at a growing risk of attack,” Symantec said. “Over the past number of years, cybercriminals have begun to display a deep understanding of the internal financial systems used by banks.
“They have learned that banks employ a diverse range of systems and have invested time in finding out how they work and how employees operate them. When coupled with the high level of technical expertise available to some groups, these groups now pose a significant threat to any organisation they target.”