The bank said it used the outsourcing service of a partner to connect with the SWIFT system through the partner’s server based overseas.
Advertisement
Officials at the bank caught the attempt before the transfer went through and it “did not cause any losses”. It involved the use of bogus SWIFT messages, the technique at the heart of a massive theft in February from the Bangladesh central bank.
Major US banks are scrutinizing security of the SWIFT messaging network following cyber attacks in Bangladesh and Vietnam involving fraudulent transfer requests, according to media reports on Tuesday. The bank had stopped using the third-party vendor’s service and now deployed its own technology with stronger security to connect directly with Swift, it said, without identifying the technology company.
SWIFT declined to comment.
The two attacks through SWIFT, used by about 11,000 banks and institutions around the world, have sent tremors through the global financial industry.
Vietnam’s central bank alerted the country’s lenders to increase surveillance, Hung said.
A bank in Vietnam successfully managed to thwart an attempt made by hackers to pull-off a cyber heist similar to the one on Bangladesh Bank in February.
Hung said it was the vendor that had been compromised, rather than TPBank’s own systems.
However, SWIFT said the malware it had found was used to remove traces of fraudulent transactions, not to conduct the transactions.
A BAE spokeswoman and the lead author of the report didn’t respond to requests for comment.
TPBank, founded in 2008 by Vietnam’s top technology firm FPT Corp., is considered one of Vietnam’s most modern and technologically savvy banks. “Swift needs to now do more in the realm of tougher interface standards and security to help its members mitigate these new threats”, he said. For example, enterprise security startup Skyport Systems corporate VP Doug Gourlay’s analysis of the SWIFT Alliance’s security guidelines for its users concluded that while they address the “types of attacks that were prevalent a decade ago”, they fail to safeguard against today’s more sophisticated hacks.
“But this updated version (software) has many new functions that enable better security to users against hackers”.
Advertisement
The bulk of the Bangladeshi money was rescued but $81m was transferred to bank accounts in the Philippines, and most of it remains missing after being moved to casinos and casino agents, Reuters said.
