SANS maps SAP cybersecurity to the CIS Critical Security Controls list

The CIS Critical Security Controls are a set of internationally recognized standards outlining the most important cyber hygiene actions that every organization should implement to protect its IT networks. They are highly regarded by the global IT community because they are developed, refined, validated, and updated by experts who pull data from a variety of public and private threat sources, and they are transforming security in government agencies and other large enterprises by focusing spending on the key controls that block known attacks and find the ones that get through.

Read the full article here.

Banking service SWIFT adds new security plan following hacks

Banks use a secure messaging service built by the Society for Worldwide Interbank Financial Telecommunications (SWIFT) to send financial transaction instructions. But recently it hasn’t been so secure: Hackers stole $12 million from Ecuador banks earlier this week, the latest in a slew of thefts. Today, SWIFT released a plan to work with its customers (the banks) to shore up the messaging system’s security.

The plan is rooted in some standard anti-cyber attack strategies: Share information on breach attempts, beef up safety tools and enforce security protocols at all staff levels. While SWIFT’s core business has been passing authenticated messages between banks, the security overhaul includes checking whether those messages are consistent with past activity, much like how banks flag suspicious activity on personal accounts.

But the outline seems more plaintive than commanding, urging SWIFT customers to obey its security protocols rather than requiring adherence to use the service. As SWIFT CEO Gottfried Leibbrandt said in a statement, "While each individual SWIFT customer is responsible for the security of its own environment, the security of global banking can only be ensured collectively."

This year has already seen numerous instances of fraudulent SWIFT requests funneling money into hackers’ dummy accounts. Earlier this month, a Vietnamese bank prevented an attempted heist, while a typo tipped off bank officials to an attempt in Bangladesh back in February — but not before the thieves made off with $81 million. The latter group of hackers has also been connected to SWIFT-breaching attempts in the Philippines and other Southeast Asian countries.

Read the full article here.

Hackers steal $12 million from an Ecuadorian bank via SWIFT

Earlier this week reports showed another round of SWIFT-related cyber heists, this time targeting banks in Ecuador. A new report from Reuters sheds light on what actually happened to the high-tech thieves’ $12-million loot. Apparently, they moved $9 million to 23 banks in Hong Kong and $3 million to Dubai and other parts of the world. Wells Fargo transferred sums with a total value of $9 million to the accounts of four companies at HSBC and Hang Seng Bank based on authenticated SWIFT transactions. The hackers then distributed the money to what are believed to be phoney business accounts.

Similar to the recent Bangladesh and Vietnam bank attacks, the thieves’ scheme involved the use of the SWIFT messaging platform. Banks use SWIFT’s platform to make financial transfers between each other, and cyber thieves typically send out fraudulent SWIFT messages requesting that funds be routed to dummy accounts.

In Bangladesh Bank’s case, the thieves used the SWIFT credentials of the institution’s employees to request several transfers to accounts overseas. They got off with $80 million, which would have been much larger if they had not misspelled the word "foundation." The hackers could have easily accessed the employees’ credentials, because the bank lacked a proper firewall. It’s not clear if that’s also what happened in Ecuador, but the thieves obviously had the same MO.

Read the full article here.

Up to a dozen banks are reportedly investigating potential SWIFT breaches

More banks have reportedly launched investigations into potential security breaches on their networks after hackers stole US$81 million from the Bangladesh central bank earlier this year through rogue SWIFT transfers. Security firm FireEye, which was hired to investigate the Bangladesh bank attack, was also called in to look for possible compromises at up to 12 additional banks, Bloomberg reported Thursday, citing an unnamed source familiar with the investigations.

Read the full article here.

Philippines Bank hit by SWIFT Hacking Group allegedly linked to North Korea

SWIFT bank hackers have attacked another bank in the Philippines using the same modus operandi as in the $81 million Bangladesh Bank heist.

Security researchers at Symantec have found evidence that malware used by the hacking group shares code similarities with the malware families used in targeted attacks against South Korean and US government, finance, and media organizations in 2009.

Read the full article here.

WhatsApp Gold doesn’t exist, it’s a scam that spreads malware

WhatsApp users are once again targeted by malware peddlers, via messages that offer WhatsApp Gold, supposedly an enhanced version of the popular messaging app previously used only by “big celebrities.” The alarm was raised by Action Fraud, the UK’s national reporting centre for fraud and cybercrime, but according to Tech Worm, users from India, Pakistan and Brazil have also been receiving the message. The website to which the victims are directed has been taken down.

 

Read the full article here.

Beware of Fake USB Chargers that Wirelessly Record Everything You Type, FBI warns

Last year, a white hat hacker developed a cheap Arduino-based device that looked and functioned just like a generic USB mobile charger, but covertly logged, decrypted and reported back all keystrokes from Microsoft wireless keyboards.

Dubbed KeySweeper, the device included a web-based tool for live keystroke monitoring, was capable of sending SMS alerts for typed keystrokes, usernames, or URLs, and kept working even after being unplugged, thanks to its built-in rechargeable battery.

Besides the proof-of-concept attack platform, security researcher Samy Kamkar, who created KeySweeper, also released instructions on how to build your own USB wall charger.

Now it seems that hackers and criminals find the idea attractive.

The FBI has issued an advisory warning private industry partners to look out for highly stealthy keyloggers that quietly sniff passwords and other input data from wireless keyboards.

According to the advisory, blackhat hackers have developed their own custom version of the KeySweeper device, which, if placed strategically in an office or other location where individuals might use wireless devices, could allow criminals to steal:

  • Intellectual property
  • Trade secrets
  • Personally identifiable information
  • Passwords
  • Other sensitive information

Since KeySweeper looks almost identical to the USB phone chargers that are ubiquitous in homes and offices, a target is unlikely to discover the sniffing device.

However, according to a Microsoft spokesperson, customers using Microsoft Bluetooth-enabled keyboards are protected against the KeySweeper threat. Its wireless keyboards manufactured after 2011 are also protected, as they use Advanced Encryption Standard (AES) encryption.

So, the primary defense is either to restrict the use of wireless keyboards or to use keyboards that employ Advanced Encryption Standard (AES) encryption.

Although the FBI made no mention of malicious KeySweeper sniffers being found in the wild, the advisory indicates the information about the KeySweeper threat was obtained through an undescribed “investigation.”

Read the full article here.

OWASP set to address API security risks

OWASP has started a new project and is set to publish a new guide on security risks. The issue it aims to tackle this time is API security. The new OWASP API Security Project was introduced at the recently concluded NolaCon by project leader David Shaw and colleague Leif Dreizler.

Read the full article here.

Criminals stole $12.7 million from ATMs in Japan

In the early morning hours of May 15, 2016, a group of over 100 people executed coordinated, fraudulent ATM withdrawals that netted them about 1.44 billion yen. In a period of less than three hours, the members of the group went around Tokyo and 16 other prefectures, and repeatedly withdrew 100,000 yen from ATMs located in convenience stores. All in all, over 14,000 fraudulent withdrawals were executed with the help of forged payment cards.

Read the full article here.

Ecuador Bank Hacked — $12 Million Stolen in 3rd Attack on SWIFT System

Bangladesh Bank is not the only bank to have fallen victim to a cyber heist. In fact, its case appears to be just one part of a widespread cyber attack on the global banking and financial sector by hackers who target the backbone of the world financial system, SWIFT.

Yes, the global banking messaging system that thousands of banks and companies around the world use to transfer billions of dollars each day is under attack.

A third case involving SWIFT has emerged, in which cyber criminals stole about $12 million from an Ecuadorian bank in an attack with numerous similarities to the later attack on Bangladesh’s central bank, which lost $81 million in the cyber heist.

The attack on Banco del Austro (BDA) in Ecuador occurred in January 2015 and was revealed via a lawsuit filed by BDA against Wells Fargo, a San Francisco-based bank, on Jan. 28, Reuters reported.

Here’s how cyber criminals target banks:

  • Use malware to circumvent a bank’s local security systems.
  • Gain access to the SWIFT messaging network.
  • Send fraudulent messages via SWIFT to initiate cash transfers from accounts at larger banks.

Over ten days, hackers used the SWIFT credentials of a bank employee to modify transaction details for at least 12 transfers amounting to over $12 million, which was transferred to accounts in Hong Kong, Dubai, New York and Los Angeles.

In the lawsuit, BDA holds Wells Fargo responsible for not spotting the fraudulent transactions and has demanded that Wells Fargo return the full amount that was stolen from the bank.

The lawsuit, filed by BDA in a New York federal court, states that some of these attacks could have been prevented if banks had shared more details about the attacks with the SWIFT organization.

Wells Fargo has also fired back and blamed BDA’s information security policies and procedures for the heist and noted that it “properly processed the wire instructions received via authenticated SWIFT messages,” according to court documents.

According to reports, the heist remained a secret for a long time and was disclosed only when BDA decided to sue Wells Fargo, which approved the fraudulent transfers.

SWIFT did not have any idea about the breach, as neither BDA nor Wells Fargo shared any detail about the attack.

“We were not aware,” SWIFT said in a statement. “We need to be informed by customers of such frauds if they relate to our products and services so that we can inform and support the wider community. We have been in touch with the bank concerned to get more information, and are reminding customers of their obligations to share such information with us.”

It turns out that the security of SWIFT itself was not breached in the attack, but cyber criminals used advanced malware to steal the credentials of the bank’s employees and cover their tracks.

In February, the $81 million cyberheist at the Bangladesh central bank was carried out by hacking into SWIFT using a piece of malware that manipulated logs and erased the fraudulent transactions history, and even prevented printers from printing those transactions.

Read the full article here.