Researchers at the US cybersecurity company FireEye have discovered that hackers have begun to probe the defences of banks in the Middle East by targeting bank employees with malware-infected emails to collect information about bank networks and user accounts.
The company started an investigation into the cyberattack in February in which hackers were able to steal $81 million from Bangladesh's central bank. FireEye found no apparent connection between that attack and the similar attacks against banks in Vietnam and Ecuador. Currently, in all three cases, the hackers responsible for the attacks are unknown.
Cybersecurity experts think that, due to the complicated nature of these attacks, the hackers would have needed prior knowledge of bank procedures and systems before the attacks. They would also have had to gain remote access to the bank's systems in order to launch fraudulent transfer requests.
In early May, researchers at FireEye identified a “wave of emails containing malicious attachments being sent to multiple banks in the Middle East.” These emails were likely sent to carry out initial reconnaissance against the banks the hackers were targeting. Collecting information in this way ahead of an attack is rarely seen in this kind of campaign.
Last month, Qatar National Bank was investigating a security breach that led to the names and passwords of a large number of its customers being posted online. However, a spokesperson for FireEye revealed that the company's researchers found no trace of the malware used in the attack on Bangladesh's central bank at Qatar National Bank.
Some of the banks that were targeted by hackers were infected, as the malware was able to report back to the hackers' servers. The malicious attachments sent in the emails to bank employees were able to gather network configuration data, user and administration passwords, and information about the software running on bank computers.
Banks across the world are beefing up their security in the wake of the Bangladesh Bank attack in order to ensure that they are not the next target of the hackers who still remain at large.