Photographee.eu - Fotolia
Swift reports another Bangladesh central bank-style cyber attack
Global financial messaging organisation Swift warns of a highly adaptive cyber criminal campaign targeting banks with user credentials to submit transfer requests
Another bank has been targeted by cyber criminals in a similar way that led to the theft of $81m from the Bangladesh central bank’s account at the Federal Reserve Bank of New York in February 2016.
The Society for Worldwide Interbank Financial Telecommunication (Swift) said the target of the latest attack was a commercial bank, but did not name it or give any other details.
The attackers exhibited a “deep and sophisticated knowledge of specific operational controls” at the bank and may have been aided by “malicious insiders or cyber attacks, or a combination of both,” Swift said in a statement.
According to Swift, investigators said this latest incident shows that the Bangladesh heist was not a single occurrence, “but part of a wider and highly adaptive campaign targeting banks".
In both cases, Swift said it appeared that insiders or cyber attackers had obtained user credentials and submitted fraudulent money transfer requests.
Commenting on the first case, Justin Harvey, chief security officer at Fidelis Cybersecurity said it showed how critical it was to protect corporate credentials.
“Those with powerful access rights within an organisation are an easy target for hackers and, if compromised, this can have a devastating impact on any company – financially and in terms of reputation,” he said.
Read more about cyber crime
- The chief of the Metropolitan Police Service’s fraud squad Falcon admits the Met’s policing of online fraud and cyber crime has not been good enough in the past.
- Co-operation with business in the private sector is an increasingly important element in fighting crime, according to UK, US and EU law enforcement officers.
- The Metropolitan Police should appoint a senior officer to ensure the whole force is prepared to tackle online crime, says a London watchdog.
Misspelling prevents $1bn loss
In the latest case, the cyber criminals used malware to manipulate PDF document reports confirming the messages to hide their tracks, said Swift.
In February, cyber attackers managed to get four transfers totalling $81m through, but a fifth was blocked because the hackers misspelt the word “foundation” as “fandation” when trying to transfer $20m to an account supposedly held by an organisation called the Shalika Foundation, which is not officially listed in Sri Lanka.
The Bangladesh central bank halted the transaction when the typo led to a query seeking clarification by a routing bank, Deutsche Bank.
The query, combined with an alert from the New York Federal Reserve about the unusually large number of requests, led the Bangladesh bank to halt all the other transactions initiated by the cyber criminals that would have netted a further $870m, which would have brought the total close to $1bn.
Pledges of collaboration
Representatives of the New York Fed, Bangladesh Bank and Swift met in Basel, Switzerland on 10 May 2016 to discuss the February heist.
The parties provided details on the actions taken and exchanged information about the cyber and physical vulnerabilities illustrated in the event.
All parties stated their concern and their continued commitment to work together to normalise operations.
They also agreed to work together to recover the money, bring the perpetrators to justice and protect the global financial system from these types of attacks.
Swift acknowledged that the scheme involved altering Swift software to hide evidence of fraudulent transfers, but that its core messaging system was not harmed, according to the Guardian.
Swift is a global member-owned co-operative that provides secure financial messaging services that connect more than 11,000 financial services organisations in more than 200 countries and territories.