, Vietnam

Malicious insiders plotting coordinated cyber attacks against banks, says SWIFT

A Vietnamese bank was the second victim.

Banks should be ready to face a spate of well-planned cyber heists instigated by sophisticated attackers with “deep knowledge” of vulnerabilities in bank transfer systems, SWIFT said in a letter to its customers.

The letter follows reports that Vietnam’s Tien Phong Bank had almost fallen prey to hackers attempting to transfer $1.36 million to a Slovenian bank in late 2015. The incident marks the second heist of its kind, including the high-profile attack on Bangladesh Bank in February 2016. 

“Forensic experts believe this new discovery evidences that the malware used in the earlier reported customer incident was not a single occurrence, but part of a wider and highly adaptive campaign targeting banks,” SWIFT said in the statement.

In both cases, attackers took advantage of vulnerabilities in each bank’s funds transfer initiation environments. The SWIFT network, core messaging services and software has not been compromised, the provider said.

“The attackers have been able to bypass whatever primary risk controls the victims have in place, thereby being able to initiate the irrevocable funds transfer process. In a second step, they have found ways to tamper with the statements and confirmations that banks would sometimes use as secondary controls, thereby delaying the victims’ ability to recognise the fraud,” SWIFT noted.

The statement added that attackers have a “deep and sophisticated” knowledge of specific operational controls within the targeted banks. This knowledge may have been gained from malicious insiders or cyber attacks, or a combination of both, SWIFT said.

Andrey Dulkin, Senior Director of Cyber Innovation, CyberArk Labs noted that TPbank may have been targeted simply because attackers are “testing the waters”.

“This could mean exploring the process of sending fraudulent transactions and gaining insight into bank network-level operations, including lateral movement and execution on target servers, and whether the whole route, include actually getting the money, works,” he said.

The attack is not unique to the SWIFT network, Dulkin added, as similar attacks have been discovered in Russia as well as attacks on multiple organizations around the world to send money transfer commands from machines within the network to the banks that manage the organizations’ accounts.

“An attacker who hijacks legitimate credentials inside the network can send these commands by appearing to operate as a legitimate user, thereby avoiding detection. The two main hurdles for attackers to execute their strategy are acquiring credentials and expertise in banking systems. That expertise can be easily acquired through using privileged accounts to conduct reconnaissance including studying legitimate user actions, or involving someone familiar with the specific banking systems in the attack,” he said.
 

Join Asian Banking & Finance community
Since you're here...

...there are many ways you can work with us to advertise your company and connect to your customers. Our team can help you dight and create an advertising campaign, in print and digital, on this website and in print magazine.

We can also organize a real life or digital event for you and find thought leader speakers as well as industry leaders, who could be your potential partners, to join the event. We also run some awards programmes which give you an opportunity to be recognized for your achievements during the year and you can join this as a participant or a sponsor.

Let us help you drive your business forward with a good partnership!

Exclusives

Private fund tokens may be the future of investing
Kinexys seeks to keep a token’s sensitive financial information from prying eyes.
More tax perks could drive Philippine SMEs to go ‘green’
The Southeast Asian nation’s 1.1 million small businesses can be a target for green loans. 
Asia struggles with G20 payment targets
The ultimate goal is for cross-border payments to achieve “the speed of the internet.”