Security & Fraud

Malware Campaign Has Been Plaguing Financial Companies Since Start Of Year

Security company Symantec revealed on Tuesday (Oct. 11) that, since the start of the year, a malware campaign, dubbed Trojan.Odinaff, has been targeting a number of financial organizations around the world.

According to a blog post, Symantec said the attacks appear to be “extremely focused” on companies operating in banking, securities, trading and payroll industries. Companies that provide support services to those industries also appear to be targets.

“Odinaff is typically deployed in the first stage of an attack, to gain a foothold onto the network, providing a persistent presence and the ability to install additional tools onto the target network,” wrote Symantec in the post. “These additional tools bear the hallmarks of a sophisticated attacker which has plagued the financial industry since at least 2013 — Carbanak. This new wave of attacks has also used some infrastructure that has previously been used in Carbanak campaigns.”

Symantec went on to note that the attacks “require a large amount of hands-on involvement, with methodical deployment of a range of lightweight back doors and purpose-built tools onto computers of specific interest.” What’s more, Symantec said there appears to be a heavy investment in the coordination, development, deployment and operation of these tools during the attacks. While these types of attacks are hard to pull off, they can be highly lucrative for the bad guys. Estimates of total losses to Carbanak-linked attacks range from tens of millions to hundreds of millions of dollars, Symantec noted. The blog post went on to say that the attacks involving Odinaff started in January of this year and hit a wide range of regions, with the U.S. as the most frequent target. Hong Kong, Australia, the U.K. and Ukraine were also targets of the attack. Most of the targets were financial companies, accounting for 34 percent of the attacks.


Latest Insights: 

With an estimated 64 million connected cars on the road by year’s end, QSRs are scrambling to win consumer drive-time dollars via in-dash ordering capabilities, while automakers like Tesla are developing new retail-centric charging stations. The PYMNTS Commerce Connected Playbook explores how the connected car is putting $230 billion worth of connected car spend into overdrive.

Click to comment


To Top