3 cybersecurity stories you may have missed

Threat Intel
Oct 19, 2016

Threat Intel aims to bring you the latest news and insights in the world of threat intelligence and cybersecurity.

A Trojan targeting financial institutions, emails with malicious WSF attachments, and spammers attempting to take advantage of indebted students were among the subjects covered on Threat Intel’s Security Response blog last week.

Missed them? Catch up below.

Odinaff Trojan is here to give banks a headache

Symantec recently discovered malware called Trojan.Odinaff that has targeted a number of financial organizations around the world since January 2016.

Attacks employing this Trojan focused on organizations in the banking, securities, trading and payroll sectors, with companies that provide support services to those industries also targeted.

SWIFT users were among those targeted by the attack, although Symantec has no indication that the SWIFT network itself was compromised.

The attackers use malware to hide customers’ own records of SWIFT messages relating to fraudulent transactions. The tools used are designed to monitor customers’ local message logs for keywords relating to certain transactions. They will then move these logs out of customers’ local SWIFT software environment.

The US was the region most frequently targeted by Odinaff.

Elements of the attacks would appear to indicate that those behind Odinaff are linked to Carbanak, an attacker that has plagued the financial industry since 2013.

More than 2 million emails with malicious WSF attachments spotted in September

The number of email-based attacks observed by Symantec using malicious Windows Script File (WSF) attachments has increased sharply over the past three months.

Malicious WSF files have been used in a number of recent major spam campaigns spreading Locky (Ransom.Locky).

For example, between October 3 and 4, Symantec blocked more than 1.3 million emails bearing the subject line “Travel Itinerary.” These emails had a WSF file within a .zip archive attached and, if it was allowed to run, it would install Locky on the victim’s computer.

Files with the .wsf extension can be exploited by spammers as they are not automatically blocked by some email clients and can be launched like an executable file.

Symantec has noticed a significant increase in the overall numbers of emails being blocked containing malicious WSF attachments. From just over 22,000 in June, the figure shot up to more than 2 million in July. September was a record month, with more than 2.2 million emails blocked.
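One way a mail gateway could flag the pattern described above, a .zip attachment carrying a .wsf file. This is an added example, not code from Symantec or the original post; the sample message is constructed with an inert placeholder file, and the extensions listed beyond .wsf are an assumed blocking policy.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# .wsf is the extension the article covers; the other Windows Script Host
# extensions are an assumed policy, not something the article lists.
SCRIPT_EXTS = {".wsf", ".wsh", ".js", ".jse", ".vbs", ".vbe"}

def ext_of(name):
    # Windows ignores trailing dots and spaces, so "a.wsf." still runs as .wsf.
    name = name.rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def script_attachments(raw_message):
    """Return (attachment, zip member or None) pairs that carry a script file."""
    hits = []
    for part in message_from_bytes(raw_message).walk():
        filename = part.get_filename()
        if not filename:
            continue  # body text or multipart container, not an attachment
        payload = part.get_payload(decode=True) or b""
        if ext_of(filename) in SCRIPT_EXTS:
            hits.append((filename, None))
        elif zipfile.is_zipfile(io.BytesIO(payload)):
            # Judge by content, not by the attachment's claimed name or type.
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    hits.extend((filename, m) for m in zf.namelist()
                                if ext_of(m) in SCRIPT_EXTS)
            except zipfile.BadZipFile:
                hits.append((filename, "<unreadable zip>"))
    return hits

def build_sample(member="itinerary.wsf"):
    """Constructed sample: an email with a zip holding one inert file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "<job><!-- inert placeholder --></job>")
    msg = EmailMessage()
    msg["Subject"] = "Travel Itinerary"
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="itinerary.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(script_attachments(build_sample()))
```

The check reads only the archive's file listing, so it does not need to extract or execute anything; archives nested inside the zip are not inspected.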

Students targeted by scam spam

Scammers are trying to prey on the estimated 42 million people who owe a combined US$1.3 trillion in student debt in the US today.

Symantec has observed several spam runs attempting to send out thousands of student loan forgiveness scam emails using the Ascesso (Trojan.Ascesso aka Tofsee) malware family.

The scam typically makes ‘too good to be true’ offers, such as huge reductions in debt, or even entire loan forgiveness.

Some versions of the spam also attempt to charge for services that are, in fact, freely available from the government, universities, or other sources.

In some examples of these types of scams, victims have reported calling the number listed and being told they qualify for financial help. The victims are then told they must purchase an iTunes card for hundreds of dollars as an ‘application fee’ and receive further requests for more cash.

For more information on all these stories, check out the Security Response blog.

Follow Threat Intel on Twitter to keep up-to-date with the latest happenings in the world of threat intelligence and cybersecurity.


Symantec’s Threat Hunter team brings you the latest threat intelligence from the IT security world.