In March, we posted a story about a cyberheist where hackers tried to steal a cool 1 Billion dollars from the Bangladesh Central Bank, but a simple typo thwarted most of their attempt.
Everyone was wondering who was behind these attacks, and a team from FireEye's Mandiant forensics experts concluded early on that these attacks came from outside Bangladesh.
Now, in a very interesting development, malware researchers with Symantec -- confirmed by the British defense contractor BAE Systems -- say they see links between the Bangladesh bank heist and cyber-attacks on banks in Vietnam and Ecuador. The researchers found a unique piece of code that has only ever been found in two other hacker attacks: Sony Pictures in December 2014, and media companies in South Korea in 2013. The FBI has said North Korea was responsible for the Sony Pictures attack.
It is a bit early to say that this is the smoking gun, but if true this would be a first that a rogue nation state has attacked the SWIFT banking system with highly sophisticated cyberheists.
UPDATE 5/30/2016 07:08am EST: Symantec has revealed that a fourth bank, in the Philippines, has been attacked by the same group that stole US$81 million from the Bangladesh central bank and attempted to steal over $1 million from the Tien Phong Bank in Vietnam.
In all 4 attacks on those banks, the hackers were able to compromise the security of what's known as the SWIFT messaging system, which was thought to be the world's most secure system for sending orders for financial transactions. Former SWIFT chief executive Leonard Schrank says it appears that SWIFT's security efforts have not kept up with hackers' increased technical skills and that SWIFT officials have a big job ahead of them to restore the messaging system's reputation.
From what we know, it looks like the Bangladesh attack started with spear phishing: social engineering tricks lured bank employees into downloading and installing malware that the attackers then used to infiltrate the bank's network. The bad guys got access to the workstations of key employees and obtained not just the passwords and cryptographic keys used for electronic fund transfers, but also the emails of bank employees, so that they could copy and adapt those emails to make their fraudulent transfer requests look legitimate.
What To Do About It
It is clear that at this point in time, any organization needs to step up its cybersecurity game. Specifically, organizations need to put programs in place to manage the ongoing problem of social engineering and spear phishing, which has caused almost all of the major data breaches at companies like Target and government agencies like the Office of Personnel Management.
SWIFT continues to assert that its messaging system is safe, but if participating banks are hacked and bad guys can get their hands on the authorizations and confirmation protocols used to access SWIFT, that is a moot point. Individual financial institutions need to increase their security, specifically their security awareness training programs, to make sure employees do not fall for phishing attacks.
Once employees spot the red flags of a phishing email, they can click KnowBe4's free Phish Alert button to delete the phish and forward it, including all headers, to your Incident Response team.
Don't like to click on redirected buttons? Cut & Paste this link in your browser: