A few days ago we reported on the hacking of banks that use the SWIFT inter-bank transfer system, which resulted in $81 million being stolen from the Bangladesh Central Bank.
Now Luis Corrons, technical director of PandaLabs, has released more information on other banks affected, with attacks that stretch back more than a year.
In addition to the Bangladesh attack in February, Vietnam's Tien Phong Bank suffered a similar attack in the last quarter of 2015, in which cybercriminals also tried to make transfers through SWIFT, although the bank realised in time and halted the million-dollar transfers already en route. A few months earlier, in January 2015, a bank in Ecuador, Banco del Austro, was hit in a very similar way, and nine million dollars were successfully stolen.
What all three attacks have in common is that malware was used and the transfers were made using the SWIFT network. SWIFT itself has issued a release stating that, "...the SWIFT network, core messaging services and software have not been compromised." However, it also reminds banks that, "...as a SWIFT user you are responsible for the security of your own systems interfacing with the SWIFT network and your related environment - starting with basic password protection practices - in much the same way as you are responsible for your other security considerations".
Panda's Corrons says, "Criminals will keep trying, and eventually they may succeed. Anyway we know what they are after (money) and what computers they want to target (those connecting to the SWIFT network). Access to the SWIFT network is highly restricted, it can only be performed from certain computers and only certain users are allowed access to them. Those computers have to be highly fortified, and of course we are not just talking about having updated software and using an antimalware solution".
Three pieces of malware were recovered after the Bangladesh Central Bank incident, but it's likely that the attackers also used many other tools and processes that were later deleted, leaving the victim in the dark about exactly how the attack was perpetrated.
"Knowledge is power, and knowing how a security incident happened will help you fix security weaknesses in your environment," Corrons concludes.