27 May 2018

Swift warns of second victim of bank hackers

13 May 2016  |  12041 views  |  5 comments

In news that will send a shiver down the spines of banking regulators worldwide, bank-owned messaging network Swift is warning members that a second bank has fallen victim to the same kind of malware-based attack that led to an $81 million loss at the Bangladesh Central Bank.

In a letter sent to member banks this morning, and reviewed by the New York Times, Swift warned that the latest attack bore numerous similarities to the $81 million heist suffered by the Central Bank of Bangladesh and was very likely part of a “wider and highly adaptive campaign targeting banks”.

“The attackers clearly exhibit a deep and sophisticated knowledge of specific operation controls within the targeted banks — knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both,” Swift said in its warning, which is expected to be posted on a secure part of its website on Friday.

Police investigating the attack in Bangladesh said the central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 routers to network computers connected to the Swift payment network.

Researchers at BAE Systems claim that, after gaining administrative rights at Bangladesh Bank, the hackers installed a piece of malware named evtdiag.exe, which shielded the attackers by changing information on transfer requests made via Swift in the client interface the bank used to track those requests.

The malware not only buried the fraudulent transactions but also intercepted Swift confirmation codes sent for printing and replaced the bogus transactional data with innocuous doctored copies of the messages.

The latest bank to fall victim to the attackers is understood to have used a PDF reader to confirm that payments had been made, suggesting a higher level of sophistication than had been evident in the Bangladesh bank hack. Swift says the thieves obtained a valid Swift credential that allowed them to “create, approve and submit” messages on the network. Those messages — sent from PCs in the bank’s back offices or from laptops — were then used to move money from one of the bank’s accounts.

Swift has declined to name the bank involved or the amount of money that was stolen.

The latest incident once again turns the spotlight on the security of the network used by banks to transfer billions of dollars in transactions daily.

Swift has reiterated its stance that the core network remains secure, pointing to internal deficiencies and security lapses at member banks connecting to the network.

“Your first priority should be to ensure that you have all the preventative and detective measures in place to secure your own environment,” Swift said in its latest message. “This latest evidence adds further urgency to your work.”

Comments: (5)

Hitesh Thakkar - FIS Payments Software and Services India - India 13 May, 2016, 15:38

You are as safe as your weakest link... A more than decade-old security rule again proves right.

Chris Yaldezian - IBM (Software Group) - San Ramon 13 May, 2016, 18:21

Hitesh, you are absolutely right. So, what can be done about it? Perhaps rules about controls, and security software need to be mandated by SWIFT to allow banks to connect to its network? Thoughts?

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 13 May, 2016, 19:14

Replace SWIFT with Bitcoin / Blockchain?:) On a more serious note, from personal experience of developing and implementing a SWIFT gateway software product, SWIFT already mandates security controls for interconnection of banking systems with SWIFT. If a bank hasn't implemented these security controls, will SWIFT let it connect to its network? Well, that's the $81 million question, isn't it?

Ramadas Mv - Enterprise Banking Architects - New Delhi 17 May, 2016, 06:13

Exactly correct, it's high time to start a discussion on SWIFT security. In an increasingly networked world, any one bank's security is only as good as the other participant banks' networks! SWIFT has only internal security measures; it has not established any specific measures to be uniformly adopted by financial institutions to secure their networks. It's high time to build consensus among participants and SWIFT and together implement security measures to avoid such lapses.

Hitesh Thakkar - FIS Payments Software and Services India - India 17 May, 2016, 09:39

SWIFT can take some best practices from securities trading platforms, which have tighter control for system control access.

SWIFT can build a message gateway for external interfaces and PC-based front- and back-office applications to post transactions. It can be further cascaded with a fraud and risk module on the same gateway for all such external interfaces before posting their transactions.
