Cybercriminals stole millions of dollars from Bangladesh’s central bank and they managed to cover their tracks by using custom malware that targeted the SWIFT interbank messaging system.
The attackers transferred $101 million from the Bangladesh Bank’s account at the Federal Reserve Bank of New York before their operation was shut down by the financial institution, and the $81 million sent to the Philippines is still missing.
It took the bank nearly four days to detect and block the unauthorized payments due to printer and software problems, which appear to have been caused by custom malware designed to interact with the SWIFT Alliance Access software. The malware deleted specific transactions from the SWIFT database, altered transaction amounts, and ensured that confirmation messages that would normally be printed on paper were damaged.
Industry professionals contacted by SecurityWeek commented on the incident, including its implications for the financial industry, the possibility that other proprietary platforms could be targeted in a similar fashion, and the steps organizations should take to prevent these types of breaches.
And the feedback begins…
Steven Rogers, CEO, Centripetal Networks:
“This targeted attack on Bangladesh Bank's financial infrastructure is just the latest example of a targeted, persistent threat. Attackers use a number of methods to gain access to the network, map out and discover high-value resources in the network, and then develop and deploy malware to exploit the bank's systems. This doesn't happen overnight; it can often take months to get to this point.
“With the large dwell time inside the network, and little visibility to the adversary, more of these attacks are likely. Due to the lucrative gains from these attacks, criminal organizations are employing highly skilled developers to defeat these systems.
“Intelligence suggests that these attackers are known, and likely being tracked by commercial and community sources. Leveraging this intelligence would enable the bank to gain visibility to the threats in a time period where they can take action and prevent the large-scale loss. This should serve as yet another wake-up call to those who aren't sharing and consuming intelligence from their respective communities.”