New or modified malware code that at the least had a different MD5 hash was allowed to register, load and execute without detection. The malware should not have been able to execute, and SWIFT’s security team should have been notified. This is what happened when attackers exploited retailer Target’s POS system, yielding 40 million credit card numbers and identities. Just like the Target exploit, once the attackers jumped perimeter defenses, bad security policy let them run whatever malware they chose.
1 comment
[ 3.1 ms ] story [ 10.3 ms ] thread