Bangladeshi Hack Prompts SWIFT To Speak Up

As details are emerging about the hack of Bangladeshi funds out of an account held at the New York Fed last week, SWIFT is gearing up to reach out to banks to remind them of proper security practices, according to reports over the weekend. That hack yielded between $81 million and $101 million in funds that managed to vanish into the hands of cybercriminals.

SWIFT, a Brussels-based outfit, is owned by a global cooperative of 3,000 FIs. A letter requesting a full review of internal security is expected to go out today (March 21). According to a spokeswoman, that letter will be followed by calls to help highlight the importance of well-codified security protocols in light of the Bangladesh attack.

“Our priority, at this time, is to encourage customers to review and, where necessary, to reinforce their local operating environments,” the spokeswoman added.

As of now, the identity of the hackers that got into the Bangladeshi central bank in February and promptly began a campaign to steal $951 million from its holdings in the New York Fed is unknown. That account is used for international settlements.

While all the transfers didn’t go through, at least $81 million did, making this one of the largest cyberheists in history.
SWIFT, so far, has only said that the hack sprang from “an internal operational issue” at Bangladesh Bank and that there was no compromise in its core messaging system.

According to a confidential interim report, forensics experts suspect that attackers took control of the bank’s network, stole credentials for sending SWIFT messages and used advanced malware to attack the computers that authorize and process transactions.

The report also highlights the likelihood that other FIs have been targeted by the same group.

The report was prepared by FireEye and World Informatix, hired by Bangladesh’s central bank to investigate the massive theft.

“FireEye has observed these same suspected FIN threat actors within other customer networks in the financial industry, where these threat actors appear to be financially motivated and well-organized,” said an interim report sent to the bank last week.