Cybercriminals have successfully struck banks using the global bank messaging system SWIFT multiple times since the notorious February online robbery which netted $81 million from the Bank of Bangladesh, the organization confirmed Tuesday.
“In all of these cases attackers are suspected of trying to replicate the modus operandi of the Bangladesh attackers,” Stephen Gilderdale, head of customer security at the Society for Worldwide Interbank Financial Telecommunication, or SWIFT, told CyberScoop in a statement.
The intrusions had been detected in several different ways, Gilderdale said. In some cases, special security software that SWIFT provides to clients alerted the organization directly of an attempted manipulation of a bank’s system. In others, anti-virus software found intruders; and in one case, a financial regulator notified SWIFT of an attempted attack.
Hackers had successfully compromised SWIFT member-bank systems in “a meaningful number of cases,” he said without elaborating. He said 80 percent of the successful intrusions had been stopped without any fraud taking place.
“I personally am very pleased with the progress that we are making,” he added.
“We unfortunately continue to see cases in which some of our customers’ environments are being compromised,” reads a letter from SWIFT, first reported Monday by Reuters. The global messaging service is relied upon by banks for trillions of dollars in daily international money transfers.
In the Bangladesh case, hackers successfully compromised the bank’s systems and sent SWIFT messages to the New York Reserve Bank, ordering transfers to the Philippines, where thieves laundered the money through a casino before vanishing.
Since then, SWIFT and the Financial Services Information Sharing and Analysis Center, or FS-ISAC, had “been on a permanent education campaign” to warn banks about the techniques used by the hackers, Doug Johnson, vice president of the American Bankers’ Association, told CyberScoop.
According to the SWIFT letter, as reported by Reuters, these tactics include exploiting software that lets help desk technicians remotely log in to a computer when the user needs help.
So far, Johnson said, all the publicly reported compromises had been of non-U.S. banks. Globally, “Security is uneven,” he said. “Banks in the U.S. are harder targets.”
“The threat is very persistent, adaptive and sophisticated – and it is here to stay,” states the letter — sent last month to client banks.
The letter says hackers are choosing different tactics. “There are likely to be multiple groups of cyber attackers attempting to compromise customer environments,” it said. “There has been an evolution in the modus operandi, signifying that attackers are further adapting their methods,” it added.
Last week, authorities in Bangladesh said they believed the cyber criminals in that case had been aided by the negligence of bank insiders.
Over the summer, a cybersecurity firm engaged by SWIFT said it had found evidence that the malware used in the Bangladesh Bank heist had been designed by the same author that wrote the code used to attack Sony Pictures Entertainment, a hack blamed by U.S. authorities on North Korea.