Cybercriminals are now targeting banks directly rather than their customers so they can siphon money from unsuspecting financial institutions.
It started a few months ago when unidentified attackers transferred $81 million from a bank in Bangladesh.
This is critical because the crooks weren’t stealing from customers; they were reaching into the bank vault.
The hackers attacked SWIFT, the backbone of the global financial system.
It wasn’t an isolated incident. Swift says a second commercial bank, which it has refused to identify, has also been attacked. In its letter to users, Swift said the two attacks bore numerous similarities. They were very likely part of a “wider and highly adaptive campaign targeting banks.”
“The attackers clearly exhibit a deep and sophisticated knowledge of specific operation controls within the targeted banks — knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both,” Swift said in its warning.
In both cases, the core messaging system of Swift was not breached.
Instead, the criminals went for the banks’ connections to the Swift network, exploiting loopholes in bank security to obtain login credentials and dispatch fraudulent Swift messages.
“As a matter of urgency, we remind all customers again to urgently review controls in their payments environments.”
According to Swift, the crooks used malware that targeted a PDF reader used to confirm that payments had been made. The malware then manipulated the PDF to “remove traces of the fraudulent instructions.”
“An event like this changes the risk profile for the banking system, since the attackers will inevitably reinvest some of their profits in new large-scale attacks,” Paul Kocher, a security and encryption expert who is the president of Cryptography Research, a division of Rambus, told the New York Times.