Details emerge on global bank heists by hackers

The details of a second hack follow a cyber theft in February, when more than $80 million was stolen from Bangladesh’s account at the Federal Reserve Bank of New York.

As in the attack on Bangladesh Bank in February, the attackers used malware to cover their tracks. In that case, hackers manipulated the Alliance Access server software, which banks use to interface with SWIFT’s messaging platform, to gain access to the funds and then to cover their tracks.

The attacks have been a major headache for the ubiquitous and publicity-shy SWIFT, an acronym for the Society for Worldwide Interbank Financial Telecommunication.

Aside from that, the two attacks were very similar, SWIFT said.

The $81m Bangladesh Bank heist in February had been perpetrated after the attackers gained access to its inadequately protected network and sent a series of payment request messages from the Bangladeshi central bank to the New York Federal Reserve.

In the February hack, attackers made $951 million in bogus transactions from the Federal Reserve Bank of New York to a bank in the Philippines.

SWIFT is crucial to the global financial system.

Forensics experts probing the $81-million hack of Bangladesh’s central bank have linked the malware used in the heist to the massive hack on Sony Pictures in 2014, Reuters reports.

SWIFT asks its customers to “urgently” review controls in their payments environments, across all their messaging, payments and e-banking channels.

“Other banks participating in the SWIFT network now need to compare the indicators of compromise shared by BAE Systems with the data generated by their own environment to understand whether or not they have also been affected and how to respond effectively”.

BAE did not say when the second attack took place, nor did it confirm that the Vietnamese bank mentioned was the one referred to by SWIFT.

SWIFT on Friday issued a notice to its customer banks saying that the breach was part of a broader effort targeting the global financial system. SWIFT said the thieves somehow got their hands on legitimate network credentials, initiated the fraudulent transfers and installed malware on bank computers to disguise their movements.

Last week, Bloomberg News reported, citing the investigation by the United States firms, that two of the three hacker groups were from Pakistan and North Korea.

While BAE’s research turned up numerous custom malware tools, a common link between them was a wipe-out and file-deletion function in a file called msoutc.exe, which the researchers said had identical features to the malware used in the Sony attacks. The system prides itself on security.

In the April 14 letter, Thomas Baxter, general counsel and executive vice president at the New York Fed, said the correct procedures were followed in approving five transfers of money and in blocking 30. “I don’t think it was the first, I don’t think it will be the last”.