Login credentials were used as an intermediary step to compromise the very foundation of the global banking system banks and financial institutions depend on to transfer funds to one another. Security researchers from BAE have pointed to a far deeper, more complex and elaborate scheme, reminiscent of the cyberattacks that used to plague U.S economic interests.
As per security researchers from British defense contractor BAE Systems, the hackers who managed to steal $81 million from Bangladesh’s central bank, had found vulnerabilities into the SWIFT financial platform, which is at the heart of the global financial system.
Confirming that it was aware of this issue, SWIFT, a cooperative owned by 3,000 financial institutions, said it would release an update that would patch the vulnerability. Along with this SWIFT has also issued a special bulletin to global financial institutions to ramp up their security procedures.
This development comes in the wake of an unprecedented hacking attack on, what is essentially the global financial system, which allowed hackers to steal $81 million from Bangladesh’s central bank.
SWIFT said it was issuing a patch “to assist customers in enhancing their security and to spot inconsistencies in their local database records.”
Brussel-based SWIFT, which stands for the Society for Worldwide Interbank Financial Telecommunication, issued the update after BAE’s security researchers discovered that a malware was specifically coded that targets and manipulates SWIFT’s client software known as Alliance Access.
BAE has disclosed that it will go public with its findings on Monday, which will include a findings on the specially coded malware, which the hackers used to cover their tracks and delay discovery of the heist.
The hackers had initially a much larger sum in mind: they had made transfers totally $951 million from Bangladesh’s central bank at the Federal Reserve Bank of New York earlier this February.
Other than $81 million, most of the other transfers were blocked by alert bank officials at the Federal Reserve Bank of New York. The $81 million was routed to accounts in the Philippines and ended up in its casinos. Significant portions of the $81 million are still untraceable.
The rabbit hole gets deeper
Earlier investigators who were probing the heist had only said that the hackers had got accessed to the login credentials of the SWIFT system through which they were able to generate the transfers of funds, without raising eyebrows.
The security researchers from BAE went a little deeper and showed that the very software that the global financial system rests on, had been compromised. Furthermore, after finding the vulnerability in the SWIFT software, the hackers wrote a malware to hide their digital footprints and delay the discovery of the illicit transfers.
However, the BAE security researchers have said that “the malware has no impact on SWIFT’s network or core messaging services.”
Incidentally, the SWIFT messaging platform is used by 11,000 financial institutions and banks all over the globe, although some only use Alliance Access.
SWIFT has now reiterated its security bulletin to all financial institutions which are its clients, that it would be prudent to review their internal security.
“Whilst we keep all our interface products under continual review and recommend that other vendors do the same, the key defense against such attack scenarios is that users implement appropriate security measures in their local environments to safeguard their systems,” said Deteran.
Adrian Nish, the head of threat intelligence from BAE, said he has yet to come across such an elaborate scheme from black hat hackers.
“I can’t think of a case where we have seen a criminal go to the level of effort to customize it for the environment they were operating in. I guess it was the realization that the potential payoff made that effort worthwhile,” said Nish.
A spokesman from Bangladesh’s central bank declined to comment on BAE’s findings.
Categories: Creativity, Economy & Finance, Geopolitics, HR & Organization, Regulations & Legal, Strategy
manageria.biz 
Leave a comment