Billion Dollar Sting: A Financial Institution's SWIFT Nightmare
Targeted malware hitting banks around the globe and running off with the money through the SWIFT network
By: Panda Security

This approach has some benefits for these cybercriminals: the big money is within the financial institutions themselves. They are hard to break into, and it is even harder to understand how their internal systems work well enough to fully compromise them, take the money and leave without a trace. It requires significant investment to gather all the intelligence needed for this kind of heist; it is not easy to perform, and it might require months, if not years, of careful planning. All of it is worth it if the result could be one billion dollars stolen in a single hit.

This is nearly what happened in February of this year at the Bangladesh Central Bank, where attackers infected its systems with malware and tried to make fraudulent transfers totaling 951 million dollars. That money was in the account the Bangladesh Central Bank held at the Federal Reserve Bank of New York. Luckily most of the transfers were blocked, and "only" 81 million dollars were stolen.

However, this was not the only instance. Tien Phong Bank, a Vietnamese bank, suffered a similar attack in the last quarter of 2015, where cybercriminals also tried to make transfers through SWIFT, although the bank realized in time and halted the one million dollar transfers already en route. And a few months earlier, in January 2015, a bank from Ecuador, Banco del Austro, was hit in a very similar way, and 9 million dollars were successfully stolen.

What are the similarities among the three cases? Malware was used to perform the attack, and all the money transfers were made using the SWIFT network.

SWIFT (Society for Worldwide Interbank Financial Telecommunication)

The biggest concern was that the SWIFT network, previously believed to be secure, had been compromised, placing the entire financial system at risk. It looks like this was NOT the case, as SWIFT has issued a press release which clearly states: "the SWIFT network, core messaging services and software have not been compromised."
However, that depends on the point of view: cybercriminals successfully used the SWIFT network to perpetrate these heists. While SWIFT provides a safe environment, each financial institution has its own internal system that has to communicate with the SWIFT network. In the same way that cybercriminals were targeting end customers with banking Trojans, now, instead of going after the SWIFT network, they are going after the banks that connect to it. This means that while we can say that so far the SWIFT network is safe, we can also say that there are potentially thousands of holes, as many as there are financial institutions connecting to it.

In its customer communication, SWIFT tells all the banks that their "first priority should be to ensure that you have all preventative and detective measures in place to secure your environment." Criminals will keep trying, and eventually they may succeed. Still, we know what they are after (money) and which computers they want to target (those connecting to the SWIFT network).

Access to the SWIFT network is highly restricted: it can only be performed from certain computers, and only certain users are allowed access to them. Those computers have to be highly fortified, and of course we are not just talking about having updated software and using an antimalware solution. Only pre-approved software should be allowed to execute on those computers. All executed processes need to be monitored in real time, logging everything that happens and looking for abnormal behaviors. It does not matter whether the attack comes from the Internet or with the help of an insider: no unauthorized software should be allowed to execute on those terminals, and the authorized software needs to be protected with anti-exploit technologies and monitored in real time should some abnormal behavior take place.
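One way to turn the policy just described into detection logic, as an added example that is not Panda Security's product code or anything from the original article: a small Python monitor that applies a hash-pinned allowlist to process-start telemetry from a SWIFT-connected terminal and treats the stopping of the endpoint security agent, the tamper case raised in the next paragraph, as a critical alert in its own right. The file paths, the agent's service name, the allowlisted hashes (computed from placeholder bytes) and the JSON-lines telemetry are all constructed for the example.

```python
"""Default-deny execution monitor for a SWIFT-connected terminal.
Added illustration, not Panda Security's or the article's code; every path,
service name and hash below is a hypothetical value constructed for the example."""
import hashlib
import json
from dataclasses import dataclass
from typing import Iterable, List, Optional


def sha256_hex(data: bytes) -> str:
    """SHA-256 of a binary's contents; pins an approved program to one exact build."""
    return hashlib.sha256(data).hexdigest()


# Hypothetical paths of the few programs permitted on the terminal.
SERVICES = r"C:\Windows\System32\services.exe"
SVCHOST = r"C:\Windows\System32\svchost.exe"
EXPLORER = r"C:\Windows\explorer.exe"
SWIFT_CLIENT = r"C:\SWIFT\Client\bin\swiftclient.exe"

# Constructed allowlist: path -> hash of the approved build. Hashes are computed from
# placeholder bytes so the example runs offline; a real deployment takes them from
# the terminal's gold image.
APPROVED_BINARIES = {
    SERVICES: sha256_hex(b"constructed-services-build"),
    SVCHOST: sha256_hex(b"constructed-svchost-build"),
    EXPLORER: sha256_hex(b"constructed-explorer-build"),
    SWIFT_CLIENT: sha256_hex(b"constructed-swift-client-build"),
}

# Hypothetical Windows service name of the endpoint security agent.
SECURITY_AGENT_SERVICE = "EndpointSecurityAgent"


@dataclass
class Alert:
    severity: str  # "medium", "high" or "critical"
    reason: str
    event: dict


def evaluate_event(event: dict) -> Optional[Alert]:
    """Apply the terminal's execution policy to one telemetry event."""
    kind = event.get("kind")

    if kind == "process_start":
        path, digest, parent = event["path"], event["sha256"], event.get("parent")
        expected = APPROVED_BINARIES.get(path)
        if expected is None:
            # Default deny: anything that was not pre-approved must not run here.
            return Alert("high", "execution of non-approved binary", event)
        if digest != expected:
            # Right path, wrong contents: a replaced or patched copy of an approved program.
            return Alert("critical", "approved path with unexpected hash", event)
        if parent is not None and parent not in APPROVED_BINARIES:
            # An approved program started by something that is not itself approved.
            return Alert("medium", "approved binary launched by non-approved parent", event)
        return None

    if kind == "service_state":
        if event["service"] == SECURITY_AGENT_SERVICE and event["state"] in ("stopped", "disabled"):
            # Tampering with the security software on a critical system is itself an indicator.
            return Alert("critical", "security agent stopped or disabled", event)
        return None

    return None  # other event kinds are outside this policy


def scan(lines: Iterable[str]) -> List[Alert]:
    """Evaluate JSON-lines telemetry and return every alert raised, in order."""
    alerts: List[Alert] = []
    for line in lines:
        if not line.strip():
            continue
        alert = evaluate_event(json.loads(line))
        if alert is not None:
            alerts.append(alert)
    return alerts


def ev(**fields) -> str:
    """Serialise one constructed telemetry record as a JSON line."""
    return json.dumps(fields)


# Constructed telemetry for the demonstration, not captured from any real incident.
SAMPLE_EVENTS = [
    ev(kind="process_start", path=SVCHOST, sha256=APPROVED_BINARIES[SVCHOST], parent=SERVICES),
    ev(kind="process_start", path=SWIFT_CLIENT, sha256=APPROVED_BINARIES[SWIFT_CLIENT], parent=EXPLORER),
    ev(kind="process_start", path=r"C:\Users\operator\AppData\Local\Temp\update.exe",
       sha256=sha256_hex(b"constructed-unknown-binary"), parent=SWIFT_CLIENT),
    ev(kind="process_start", path=SWIFT_CLIENT, sha256=APPROVED_BINARIES[SWIFT_CLIENT],
       parent=r"C:\Users\operator\Downloads\installer.exe"),
    ev(kind="process_start", path=SWIFT_CLIENT, sha256=sha256_hex(b"constructed-patched-client"), parent=EXPLORER),
    ev(kind="service_state", service=SECURITY_AGENT_SERVICE, state="stopped"),
    ev(kind="service_state", service="Spooler", state="stopped"),
]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"[{alert.severity.upper()}] {alert.reason}: {alert.event}")
```

Run as a script it prints the four alerts the constructed telemetry produces. The three rules map onto the article's points: default deny for anything not pre-approved, a hash pin so that a replaced copy of an approved program is caught rather than trusted by its path, and a parent check as one simple form of the abnormal-behavior monitoring the text calls for; the agent-stopped rule is the tamper indicator.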
Of course, if somebody has physical access to a target computer, at some point they could disable any security solution. That is not a problem by itself if you receive an alert in the console used by the security team: is there any better indicator of compromise than someone tampering with the security software installed in a critical system?

Our conclusion after studying these attacks is that, had those banks had Panda Adaptive Defense installed on their SWIFT-connected terminals, the heists could have been stopped in time.

Luis Corrons, Technical Director of PandaLabs

More info at: http://www.pandasecurity.com/

End