25 February 2018

Swift warns of second victim of bank hackers

13 May 2016

In news that will send a shiver down the spines of banking regulators worldwide, bank-owned messaging network Swift is warning members that a second bank has fallen victim to the same kind of malware-based attack that led to an $81 million loss at the Bangladesh Central Bank.

In a letter sent to member banks this morning, and reviewed by the New York Times, Swift warned that the latest attack bore numerous similarities to the $81 million heist suffered by the Central Bank of Bangladesh and was very likely part of a “wider and highly adaptive campaign targeting banks”.

“The attackers clearly exhibit a deep and sophisticated knowledge of specific operation controls within the targeted banks — knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both,” Swift said in its warning, which is expected to be posted on a secure part of its website on Friday.

Police investigating the attack in Bangladesh said the central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 routers to network computers connected to the Swift payment network.

Researchers at BAE Systems claim that after gaining administrative rights at Bangladesh Bank, the hackers installed a piece of malware named evtdiag.exe, which shielded the attackers by changing the information about transfer requests made via Swift that was shown on the client interface the bank used to track those requests.

The malware not only buried the fraudulent transactions but also intercepted Swift confirmation codes sent for printing and replaced the bogus transactional data with innocuous doctored copies of the messages.

The latest bank to fall victim to the attackers is understood to have used a PDF reader to confirm that payments had been made, suggesting a higher level of sophistication than had been evident in the Bangladesh bank hack. Swift says the thieves obtained a valid Swift credential that allowed them to “create, approve and submit” messages on the network. Those messages — sent from PCs in the bank’s back offices or from laptops — were then used to move money from one of the bank’s accounts.

Swift has declined to name the bank involved or the amount of money that was stolen.

The latest incident once again turns the spotlight on the security of the network used by banks to transfer billions of dollars in transactions daily.

Swift has reiterated its stance that the core network remains secure, pointing to internal deficiencies and security lapses at member banks connecting to the network.

“Your first priority should be to ensure that you have all the preventative and detective measures in place to secure your own environment,” Swift said in its latest message. “This latest evidence adds further urgency to your work.”

Comments: (5)

Hitesh Thakkar - FIS Payments Software and Services India - India | 13 May, 2016, 15:38

You are as safe as your weakest link... A more than decade-old security rule again proves right.

Chris Yaldezian - IBM (Software Group) - San Ramon | 13 May, 2016, 18:21

Hitesh, you are absolutely right. So, what can be done about it? Perhaps rules about controls, and security software need to be mandated by SWIFT to allow banks to connect to its network? Thoughts?

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 13 May, 2016, 19:14

Replace SWIFT with Bitcoin / Blockchain? :) On a more serious note, from personal experience of developing and implementing a SWIFT gateway software product, SWIFT already mandates security controls for interconnection of banking systems with SWIFT. If a bank hasn't implemented these security controls, will SWIFT let it connect to its network? Well, that's the $81 million question, isn't it?

Ramadas Mv - Enterprise Banking Architects - New Delhi | 17 May, 2016, 06:13

Exactly correct, it's high time to start a discussion on SWIFT security. In an increasingly networked world, any one bank's security is only as good as the other participant banks' networks! SWIFT has only internal security measures; it has not established any specific measures to be uniformly adopted by financial institutions to secure their networks. It's high time to build consensus among participants and for SWIFT to implement security measures together with them to avoid such lapses.

Hitesh Thakkar - FIS Payments Software and Services India - India | 17 May, 2016, 09:39

SWIFT can take some best practices from securities trading platforms, which have tighter control for system control access.

SWIFT can build a message gateway for external interfaces and PC-based front and back office applications to post transactions. It can be further cascaded with a fraud and risk module on the same gateway for all such external interfaces before posting their transactions.
