BB hackers utilised SWIFT network

Reuters:
The attackers who stole $81 million from the Bangladesh central bank probably hacked into software from the SWIFT financial platform that is at the heart of the global financial system, said security researchers at British defense contractor BAE Systems.
SWIFT, a cooperative owned by 3,000 financial institutions, confirmed to Reuters that it was aware of malware targeting its client software. Its spokeswoman Natasha Deteran said SWIFT would release on Monday a software update to thwart the malware, along with a special warning for financial institutions to scrutinize their security procedures. The new developments now coming to light in the unprecedented cyber-heist suggest that an essential lynchpin of the global financial system could be more vulnerable than previously understood to hacking attacks, due to the vulnerabilities that enabled attackers to modify SWIFT’s client software.
Deteran told Reuters on Sunday that it was issuing the software update “to assist customers in enhancing their security and to spot inconsistencies in their local database records.” She said “the malware has no impact on SWIFT’s network or core messaging services.” The software update and warning from Brussels-based SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, come after researchers at BAE (BAES.L), which has a large cyber-security business, told Reuters they believe they discovered malware that the Bangladesh Bank attackers used to manipulate SWIFT client software known as Alliance Access.
BAE said it plans to go public on Monday with a blog post about its findings concerning the malware, which the thieves used to cover their tracks and delay discovery of the heist. The cyber criminals tried to make fraudulent transfers totaling $951 million from the Bangladesh central bank’s account at the Federal Reserve Bank of New York in February. Most of the payments were blocked, but $81 million was routed to accounts in the Philippines and diverted to casinos there. Most of those funds remain missing.
Investigators probing the heist had previously said the still-unidentified hackers had broken into Bangladesh Bank computers and taken control of credentials that were used to log into the SWIFT system. But the BAE research shows that the SWIFT software on the bank computers was probably compromised in order to erase records of illicit transfers. The SWIFT messaging platform is used by 11,000 banks and other institutions around the world, though only some use the Alliance Access software, Deteran said.
SWIFT may release additional updates as it learns more about the attack in Bangladesh and other potential threats, Deteran said. It is also reiterating a warning to banks that they should review internal security.
“Whilst we keep all our interface products under continual review and recommend that other vendors do the same, the key defense against such attack scenarios is that users implement appropriate security measures in their local environments to safeguard their systems,” Deteran said.
Adrian Nish, BAE’s head of threat intelligence, said he had never seen such an elaborate scheme from criminal hackers. “I can’t think of a case where we have seen a criminal go to the level of effort to customize it for the environment they were operating in,” he said. “I guess it was the realization that the potential payoff made that effort worthwhile.”
A Bangladesh Bank spokesman declined comment on BAE’s findings. A senior official with the Bangladesh Police’s Criminal Investigation Department said that investigators had not found the specific malware described by BAE, but that forensics experts had not finished their probe.
Bangladesh police investigators said last week that the bank’s computer security measures were seriously deficient, lacking even basic precautions like firewalls and relying on used, $10 switches in its local networks.
Still, police investigators told Reuters in an interview that both the bank and SWIFT should take the blame for the problems.