In February, in one of the world’s biggest ever cyber-heists, hackers tried to steal almost $1 billion from Bangladesh Bank’s account at the New York Federal Reserve using fraudulent transfer messages on the SWIFT system. SWIFT did not name the commercial banking client that was the victim of the second attack, but told users that forensic experts believe that this latest hack indicates that February’s attack of the Bangladesh central bank “was not a single occurrence, but part of a wider and highly adaptive campaign targeting banks”.
Advertisement
He said SWIFT, a cooperative owned by 3,000 financial institutions, could not escape responsibility as it had connected its network to the central bank’s new real time gross settlement (RTGS) system launched in October for domestic transactions.
“The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks – knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both”, SWIFT said. The network, which runs worldwide messaging system between banks, said the malware attack targeted a commercial bank it declined to name and managed to send SWIFT messages using the bank’s valid codes, media reported.
That attack and the $81 million heist from the Bangladesh central bank account at the Federal Reserve Bank of NY in February are thought to be part of a broad assault on the global banking system by thieves whose operating methods and digital fingerprints are being studied carefully by analysts worldwide.
“SWIFT’s whole model is based on being extremely secure”, he explained.
As a preventive measure, SWIFT reminds all customers “to urgently review controls in their payments environments, to all their messaging, payments and ebanking channels”. “This attack. did not cause any losses and had no impact on the SWIFT system in particular and the transaction system between the bank and customers in general”, it said.
Not only did the hackers hide their tracks, but they also seem to have obtained a valid SWIFT credential that allowed them to “create, approve and submit” messages on the network.
The fact that the attackers are familiar with the banks enough to know they use PDF readers to verify SWIFT messages suggest they either have an inside source at the bank, or have somehow attained knowledge of the bank’s inner workings, SWIFT claims. Staff in Vietnam used PDF reports to inspect payment confirmations. “Billions of dollars in transactions cross this network daily”, our source added.
According to Swift the fingerprints of those behind February’s £56 million heist from the Bangladesh Central Bank have been found on another attempted heist.
Advertisement
The modus operandi of the attackers is similar in both cases. “These are not isolated incidents. However, basic system monitoring at the bank would have stopped this at the server endpoint by tracking system changes in real time, triggering alerts to analysts”.
