SWIFT announced that a second bank was a victim of cyber heist

Pierluigi Paganini May 13, 2016

The SWIFT announced that a second commercial bank was a victim of a cyber heist, the crime appears to be part of a broad online attack on global banking.

A second malware-based attack hit the SWIFT (Society for Worldwide Interbank Financial Telecommunications) system.

The news was spread by the SWIFT on Thursday, the attack has many similarities with the $81 cyber heist occurred at the Bangladesh central bank in February.

SWIFT reported in a statement that the cyber criminals have a “deep and sophisticated knowledge of specific operational controls” at targeted banks, a circumstance that suggest the involvement of “malicious insiders or cyber attacks, or a combination of both”.

It seems that the first attack on the Bangladesh central bank is just an act of a larger operation that is targeting the global banking and financial infrastructure.

A commercial bank was the victim of a new cyber attack, at the time I was writing the SWIFT hasn’t disclosed the name of the organizations nor the total amount of money stolen by the hackers.

SWIFT cyberheist

Natasha de Teran, the SWIFT spokeswoman, confirmed the existence with multiple similarities with the Bangladesh bank heist and added that both were very likely part of a “wider and highly adaptive campaign targeting banks.”

“The unusual warning from Swift, a copy of which was reviewed by The New York Times, shows how serious the financial industry regards these attacks to be. Some banking experts say they may be impossible to solve or trace.” the NY Times reported. “Swift said the thieves somehow got their hands on legitimate network credentials, initiated the fraudulent transfers and installed malware on bank computers to disguise their movements.”

The attackers used a malicious code to manipulate logs and erase any track of their presence on the compromised systems, it has the ability to intercept and hide messages confirming the money transfers.

“In the second case SWIFT said attackers had also used a kind of malware called a “Trojan PDF reader” to manipulate PDF reports confirming the messages in order to hide their tracks.” reported the Guardian.

The attackers deleted the history of the fraudulent transactions and investigators discovered that the malware also prevented printers from printing the fraudulent transactions.

The unique certainly at this moment is that in both cases, hackers successfully breached the bank systems and successfully transferred money to bank accounts they controlled.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Bangladesh bank, hacking)

you might also like

leave a comment