SWIFT is warning banks that cybercriminals are getting more sophisticated and that the risk of digital heists is on the upswing. The Brussels-based inter-bank messaging system has been actively encouraging banks to increase their security and stave off risks of hacks like the one that left the Central Bank of Bangladesh short $81 million in February 2016.
“Adversaries have advanced their knowledge,” SWIFT said in a 16-page report co-written with BAE Systems Plc’s (BAES.L) cyber security division. “No system can be assumed to be totally infallible, or immune to attack.”
SWIFT, in its warnings, demurred on giving more specific information such as the number of attacks, who the victims have been or, say, how much money has been stolen. But even minus official disclosure, the details on many hacks and attempted hacks have made their way to public consciousness. Far Eastern International Bank, for example, has reportedly lost $500,000 in a cyber heist that it says was led by a North Korean hacking group known as Lazarus. Lazarus is suspected to be the same hacking group behind the Bangladesh heist last year.
Nepal’s NIC Asia Bank lost $580,000 in a cyber heist earlier this month, according to anonymous sources speaking to Reuters.
The SWIFT report also documents an attack on an unnamed bank that saw hackers essentially camping out within a customer network and using that access point to gather intel that might be useful for a future attack on the whole operational system. The hackers went on to make a dead-of-night attack on the system that left additional malware implanted so that they could easily bypass protocols within the messaging software that require a user to confirm their identity.
The hackers, new access in hand, used it to send funds all over the globe by copying pre-formatted payment requests into the messaging software.
And when they were done, the cybercriminals even deleted records of their activity and set up a distraction: ransomware that locked dozens of computers’ worth of documents behind an encryption key.
SWIFT did not note how much money was stolen, but did note that the fraud was noticed before it was completed and the purloined funds were frozen.