“News of another incident in which malware was apparently used to cover the tracks of unauthorized banking instructions transmitted by the SWIFT network suggests remediation efforts following February’s $81 million Bangladesh reserve bank heist have so far been inadequate”, ESET Senior Security Researcher Stephen Cobb told SCMagazine.com in an email.
Advertisement
US Representative Carolyn Maloney had called for a probe of the fund transfers triggered by the February cyber attack on the Bangladesh central bank.
Global thieves have breached SWIFT, the worldwide bank financial messaging system used to transfer billions of dollars around the world each day, The New York Times and Reuters are reporting.
Following the hack, IT security expert BAE Systems say they had discovered malware that the Bangladesh Bank attackers used to manipulate SWIFT’s Alliance Access client software.
After an $81 million cyber heist at the Bangladesh central bank, the Federal Reserve Bank of NY said there was no problem with its procedures for approving fund transfers, according to a letter released on Friday by a U.S. lawmaker who had questioned those methods. By using legitimate network credentials, internet criminals have infiltrated the SWIFT system and initiated fraudulent transfers.
SWIFT said Friday that attackers had malware to target a PDF reader at a bank, which it did not name, allowing them to transfer money and tamper with bank documents. But Swift has rejected claims by the bank that its own technicians were responsible for errors that left it wide open to attack.
Swift declined to comment to SC beyond its initial statement.
In this new case we have now learnt that a piece of malware was used to target the PDF reader application used by the customer to read user generated PDF reports of payment confirmations.
Other security advisors weighed in with some steps that could be taken to fix the problem at hand and that should be included to protect future transactions on the SWIFT system.
Unknown hackers transferred more than 101 million USA dollars from Bangladesh Bank account with the NY Fed on February 4. That looks like it is indeed the case, and at the end of last month, Swift observed that it was aware of a number of attempts to hack into its messaging platform in order to use it for malicious ends. “Up to and including your ability to detect attacks and respond to them”, Remes, who’s also a member of the International Information Systems Security Certification Consortium, said.
“It appears to have been created by someone with an intimate knowledge of how the Swift software works as well as its business processes, which is cause for concern”.
“Basic system monitoring at the bank would have stopped this at the server endpoint by tracking system changes in real time, triggering alerts to analysts”.
Advertisement
A second victim has been found by the firm, which has warned that the latest attack is similar to the one that stripped the Bangladesh Bank of its millions.
