SWIFT announced that a second commercial bank was the victim of a cyber heist; the crime appears to be part of a broad online attack on global banking.
A second malware-based attack hit the SWIFT (Society for Worldwide Interbank Financial Telecommunications) system.
The news was announced by SWIFT on Thursday; the attack has many similarities with the $81 cyber heist that occurred at the Bangladesh central bank in February.
SWIFT reported in a statement that the cyber criminals have a “deep and sophisticated knowledge of specific operational controls” at targeted banks, a circumstance that suggests the involvement of “malicious insiders or cyber attacks, or a combination of both”.
It seems that the first attack on the Bangladesh central bank is just one act in a larger operation that is targeting the global banking and financial infrastructure.
A commercial bank was the victim of a new cyber attack; at the time I was writing, SWIFT hadn’t disclosed the name of the organization nor the total amount of money stolen by the hackers.
Natasha de Teran, the SWIFT spokeswoman, confirmed the existence of multiple similarities with the Bangladesh bank heist and added that both were very likely part of a “wider and highly adaptive campaign targeting banks.”
“The unusual warning from Swift, a copy of which was reviewed by The New York Times, shows how serious the financial industry regards these attacks to be. Some banking experts say they may be impossible to solve or trace,” the NY Times reported. “Swift said the thieves somehow got their hands on legitimate network credentials, initiated the fraudulent transfers and installed malware on bank computers to disguise their movements.”
The attackers used malicious code to manipulate logs and erase any trace of their presence on the compromised systems; it has the ability to intercept and hide messages confirming the money transfers.
“In the second case SWIFT said attackers had also used a kind of malware called a ‘Trojan PDF reader’ to manipulate PDF reports confirming the messages in order to hide their tracks,” reported the Guardian.
The attackers deleted the history of the fraudulent transactions and investigators discovered that the malware also prevented printers from printing the fraudulent transactions.
The only certainty at this moment is that, in both cases, hackers successfully breached the bank systems and transferred money to bank accounts they controlled.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years' experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US.
Pierluigi is a member of "The Hacker News" team and writes for major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines.
He is the author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".