Bank hacking risk rises, as regulators defend
Regulators have defended the integrity of the global payments system, even as experts warned there could be further attempts to hack into banks’ money transfers.
The comments followed revelations that a second bank had been attacked in circumstances similar to the breach that cost Bangladesh’s central bank $US81 million. In both cases the hackers obtained the banks’ codes for using the international bank messaging system SWIFT and used them to send fraudulent messages, SWIFT warned in a notice to banks.
SWIFT didn’t name the second bank, but information security researchers at BAE Systems said they had discovered malware like the one used in Bangladesh at a commercial bank in Vietnam. The name of the bank or the circumstances of the attack weren’t known.
In addition, Bangladesh’s central bank appears to have been penetrated more extensively than previously known. Forensic experts from California-based cybersecurity firm FireEye, hired by Bangladesh Bank to probe the heist, have identified the footprints of at least three groups of hackers in the central bank’s network, two of which appeared to originate in North Korea and Pakistan, according to a source close to the investigation.
FireEye investigators believe the perpetrator is a third group — a cyber-criminal gang motivated by financial gain. FireEye previously said it had observed the same “threat actor attacking other banks”.
Researchers at BAE Systems said they had examined malware found at institutions including Bangladesh Bank and the commercial bank in Vietnam. They said the software shared similarities with that used in the devastating attack on Sony Pictures Entertainment in 2014. The firm isn’t involved in the criminal investigation and based its findings on data it was able to find independently.
The emergence of a second attack added to concerns about vulnerabilities in the messaging system run by SWIFT, the Society for Worldwide Interbank Financial Telecommunication, a bank co-operative based in Belgium. SWIFT said the network itself wasn’t breached and has urged banks to improve their security. SWIFT’s primary regulator, the National Bank of Belgium, suggested on the weekend that responsibility for recent cyber-attacks lies with the network’s customers.
“Based on the information available to the NBB, it appears that some SWIFT customer banks’ IT environments have been compromised,” the National Bank of Belgium said. “Noncompliance of these banks with SWIFT’s extensive and repeatedly communicated security guidance for customers might have been one of the contributing factors to their exposure.”
SWIFT is overseen by the central banks of the Group of 10 industrialised nations under the lead of the National Bank of Belgium, because the company is based on the outskirts of Brussels.
Meanwhile, the Federal Reserve Bank of New York defended its handling of money-transfer requests in the Bangladesh Bank attack. The New York Fed held 30 of the 35 transfer requests it received from the suspected thieves, but only after it had approved five. Democratic Representative Carolyn Maloney had asked why it wasn’t more aggressive in recalling those payments.
Thomas Baxter, the head lawyer at the New York Fed, said the bank’s payment monitoring systems were focused on complying with sanctions and said SWIFT users had a responsibility to secure their own systems.
Leonard Schrank, who was chief executive at SWIFT for 15 years until 2007, said the network had long known that end users were a key vulnerability and said SWIFT could do a lot more to mitigate cyber threats. One step he suggested was that SWIFT develop an anomaly detector to catch questionable message traffic as it arrives.
“SWIFT and its community now needs to do more, a lot more, to strengthen its standards and software security at the edges of its system, given the evolution of cyberattacks on banks and financial institutions,” Mr Schrank said.
Source | TheAustralian
