Do you use SWIFT financial messaging services? Millions of people around the world do. This system connects more than 11,000 banking and security organizations, market infrastructures and corporate customers in more than 200 countries and territories. Cybercriminals are using it too, but in special, devious ways. Recently, experts from Comodo Threat Research Lab discovered a new sophisticated attack in which the perpetrators used SWIFT to camouflage the penetration of malware into multiple enterprises’ networks.
This email was dropped in the enterprises’ inboxes:
As you can see, it informs the recipient about a SWIFT message on a “wire bank transfer to your designated bank account” and recommends getting the details from the attachment.
In reality, as Comodo Threat Research Lab analysts discovered, “swift message” is nothing but malware — Trojan.JAVA.AdwindRAT. Once it has penetrated a user’s system, it modifies the registry, spawns many processes, checks for an antivirus installation and tries to kill its process. Additionally, the malware checks for the presence of forensic, monitoring or anti-adware tools, then drops these malicious executable files and makes a connection with a domain in the hidden Tor network. The malware also tries to disable the Windows restore option and turns off the User Account Control feature, which prevents installing a program without the actual user being aware.
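The behaviours listed above lend themselves to a correlation rule on endpoint telemetry. The following is an added example, not code from Comodo or the original report: it flags a host when a Java process shows several of those behaviours together. The JSON event schema, host names and burst threshold are assumptions, and the registry value names are the standard Windows locations for UAC and System Restore policy, not indicators taken from the report.

```python
import json
from collections import defaultdict

JAVA = {"java.exe", "javaw.exe"}
# Standard Windows registry values for the two settings the article names.
TAMPER = {
    r"\policies\system\enablelua": (0, "uac_disabled"),
    r"\systemrestore\disablesr": (1, "restore_disabled"),
}
SPAWN_BURST = 3  # assumed threshold for "spawns many processes"

# Constructed sample telemetry in a simplified, hypothetical JSON-lines schema.
SAMPLE = r"""
{"host":"ws-01","type":"process","parent":"javaw.exe","image":"reg.exe"}
{"host":"ws-01","type":"registry","key":"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA","value":0}
{"host":"ws-01","type":"process","parent":"javaw.exe","image":"reg.exe"}
{"host":"ws-01","type":"registry","key":"HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\SystemRestore\\DisableSR","value":1}
{"host":"ws-01","type":"process","parent":"javaw.exe","image":"taskkill.exe"}
{"host":"ws-02","type":"process","parent":"java.exe","image":"cmd.exe"}
{"host":"ws-02","type":"registry","key":"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA","value":1}
{"host":"ws-03","type":"registry","key":"HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\SystemRestore\\DisableSR","value":1}
"""

def load(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def classify(events):
    """Return {host: sorted behaviours observed} for a list of event dicts."""
    seen, spawns = defaultdict(set), defaultdict(int)
    for ev in events:
        host = ev["host"]
        if ev["type"] == "registry":
            key = ev["key"].lower()
            for suffix, (bad, label) in TAMPER.items():
                if key.endswith(suffix) and ev["value"] == bad:
                    seen[host].add(label)
        elif ev["type"] == "process" and ev["parent"].lower() in JAVA:
            spawns[host] += 1
            if ev["image"].lower() == "taskkill.exe":
                seen[host].add("java_kills_process")
            if spawns[host] >= SPAWN_BURST:
                seen[host].add("java_spawn_burst")
    return {h: sorted(b) for h, b in seen.items()}

def alerts(events, min_behaviours=2):
    # A single behaviour (e.g. an admin disabling restore) is not enough to alert.
    return {h: b for h, b in classify(events).items() if len(b) >= min_behaviours}

if __name__ == "__main__":
    print(alerts(load(SAMPLE)))
```

Requiring at least two behaviours per host keeps a lone policy change, such as the constructed `ws-03` event, from raising an alert.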
What is the purpose of these malware attacks? Most likely, it’s an attempt at spying or a “reconnaissance” action, Comodo Threat Research Lab experts say. The attackers send their “cyberspy” to collect information about the attacked enterprise network and endpoints, thus preparing for the second phase of the cyberattack with additional types of malware. Having the precise information about the enterprise, these cyberattackers can even create malware specifically adjusted to the target environment to bypass all defensive mechanisms of the enterprise and hit the heart of the target.
What is even more interesting is the social engineering aspect of this attack. As experts from the lab have found out, a few recent phishing email attacks also used fake SWIFT messages as camouflage.
One may ask: why do cybercriminals choose SWIFT for camouflage?
The reason is rooted in human psychology. First, when it comes to money, and especially bank account affairs, every person feels emotional arousal. In turn, any emotional arousal reduces critical thinking, and the chances that the target will click on the malicious bait rise significantly. When it comes to an enterprise’s financial accounts, the emotions rise even more. If an employee receives such an email, they will be afraid not to open it. What if they pass up something very important for the enterprise? Could they be punished for not looking into that email? Consequently, the chances that a potential victim will click on the infected file grow.
Here is the heat map and IPs used in this attack.
As you can see, the cybercriminals carried out the attack from IPs based in the Netherlands, Cyprus and Turkey. The attackers used the email address JoeH@snovalleyprocess.com, whose domain does not actually exist. The attack started on Feb. 9 at 00:00 UTC and ended at 08:56 UTC.
“As we see, cybercriminals more and more often use finance-related topics as a bait to make users download malware and infect an enterprise’s network,” said Fatih Orhan, head of Comodo Threat Research Lab. “They combine technical and human patterns as an explosive combination for breaking down the door to let the malware in. But it only works if the company has been careless about the right defense of that door. Enterprises under Comodo protection have not suffered because the malicious ‘SWIFT message’ was stopped by Comodo’s antispam filters and then recognized and neutralized by experts from Comodo Threat Research Lab.”
Live secure with Comodo!