Manila, Phillipines (BBN)-In February, Bangladesh Central Bank lost $81 million to hackers, three months after the attack, authorities have uncovered three more incidents that may be linked together, SWIFT CEO reveals plans to strengthen the security of its operations.
The first uncovered case was actually the last attack carried out by the hackers, in February, a group of cybercriminals used stolen credentials from employees of Bangladesh’s Central Bank to validate over thirty wire transfers directed from the Bank’s account in the Federal Reserve of New York to accounts in the Philippines and Sri Lanka, reports the Merkle.
The operations totaled a whopping $1 Billion, but an error in one of the orders raised suspicions and the majority of the transfer orders were canceled, nonetheless, $81 million were stolen without any evident traces.
Another fraudulent attempt to acquire over $1 million was unsuccessfully performed on December by hackers, when a small Vietnamese bank, Tien Phong Bank, detected the intrusion.
The same modus operandi was then used later to carry out the Bangladesh hacks.
The third known attack was performed in January of last year when the same hackers managed to steal $10 million from Austro Bank, a midsize Ecuadorian entity.
All the attacks feature the same strategy, with the use of valid credentials stolen from the Bank’s workers, the attackers managed to validate operations in the Swift network.
Swift is a platform used by more than 11,000 financial institutions to exchange messages that contain money transference orders.
In a day, the Swift infrastructure handles more than 25 million messages that account for billions of dollars, every bank has its own Swift code along with credentials for their workers.
On May the 24th, Gottfried Leibbrant CEO of Swift spoke delivered the keynote address at the event celebrated in Brussels, the conference gathered major financial institutions to share thoughts and experiences in the sector. Leibbrant revealed a five-part plan to reinforce the security of the global financial system.
The five-point presentation included the improvement of information sharing among the global financial community, the reinforcement of the security requirements for bank-operated software, create or improve methods to identify suspicious behaviors, and finally, to introduce certification requirements for third party providers.
Swift insists that the hacks were not carried out thanks to vulnerabilities in their infrastructure, but as a result of weaknesses in each bank’s internal ecosystem.
BBN/SK/AD