Dhaka, Bangladesh (BBN)– Another bank has been targeted by cyber criminals in a similar way that led to the theft of $81 million from the Bangladesh Bank’s account at the Federal Reserve Bank of New York in February 2016.
The SWIFT (Society for Worldwide Interbank Financial Telecommunication) said the target of the latest attack was a commercial bank, but did not name it or give any other details.
Global financial messaging organisation SWIFT warns of a highly adaptive cyber crimininal campaign targeting banks with user credentials to submit transfer requests.
The attackers exhibited a “deep and sophisticated knowledge of specific operational controls” at the bank and may have been aided by “malicious insiders or cyber attacks, or a combination of both,” the SWIFT said in a statement.
According to the SWIFT, investigators said this latest incident shows that the Bangladesh heist was not a single occurrence, “but part of a wider and highly adaptive campaign targeting banks”.
In both cases, SWIFT said it appeared that insiders or cyber attackers had obtained user credentials and submitted fraudulent money transfer requests.
The cyber fraud took place on the night of February 4, sending a total of 35 transfer orders into the US Federal Reserve Bank in New York where the BB maintains a foreign exchange account.
Nearly $20 million of the $101 million siphoned off was recovered from Sri Lanka. The lion’s share of the booty landed in the Philippines and that is reported to have been splurged on gaming stakes in casinos.
Commenting on the first case, Justin Harvey, chief security officer at Fidelis Cybersecurity said it showed how critical it was to protect corporate credentials.
“Those with powerful access rights within an organisation are an easy target for hackers and, if compromised, this can have a devastating impact on any company – financially and in terms of reputation,” he was quoted by the ComputerWeekly.com as saying.