SWIFT warns banks on cyber heists as hack sophistication grows

Far Eastern International Bank

29/11/2017 24:01

By Jim Finkle 
    Nov 29 (Reuters) - SWIFT, the global messaging system used 
to move trillions of dollars each day, warned banks on Wednesday 
that the threat of digital heists is on the rise as hackers use 
increasingly sophisticated tools and techniques to launch new 
attacks. 
    Brussels-based SWIFT has been urging banks to bolster 
security of computers used to transfer money since Bangladesh 
Bank lost $81 million in a February 2016 cyber heist that 
targeted central bank computers used to move funds.  urn:newsml:reuters.com:*:nL4N1DU3U2 
The new warning provided detail on some new techniques being 
used by the hackers. 
    "Adversaries have advanced their knowledge," SWIFT said in a 
16-page report co-written with BAE Systems Plc's  BAES.L  cyber 
security division. "No system can be assumed to be totally 
infallible, or immune to attack." 
    SWIFT has declined to disclose the number of attacks, 
identify victims or say how much money has been stolen. Still, 
details on some cases have become public.  
    Taiwan's Central News Agency last month reported that Far 
Eastern International Bank  2845.TW  lost $500,000 in a cyber 
heist. BAE later said that attack was launched by a North Korean 
hacking group known as Lazarus, which many cyber-security firms 
believe was behind the Bangladesh case.  urn:newsml:reuters.com:*:nL2N1MR1UN 
    Nepal's NIC Asia Bank lost $580,000 in a cyber heist, two 
Nepali officials told Reuters earlier this month.  urn:newsml:reuters.com:*:nL3N1ND4P1 
    The new report described an attack on an unidentified bank. 
Hackers spent several months inside the network of one customer, 
preparing for the eventual attack by stealing user credentials 
and monitoring the bank's operations using software that 
recorded computer keystrokes and screenshots, the report said. 
    When they launched the attack in the middle of the night, 
the hackers installed additional malware that let them modify 
messaging software so they could bypass protocols for confirming 
the identity of the computer's operator, according to the 
report.  
    The hackers then ordered payments sent to banks in other 
countries by copying pre-formatted payment requests into the 
messaging software, according to the report. 
    After the hackers ended the three-hour operation, they 
sought to hide their tracks by deleting records of their 
activity. They also tried to distract the bank's security team 
by infecting dozens of other computers with ransomware that 
locked documents with an encryption key, the report said. 
    While SWIFT did not say how much money was taken, it said 
the bank quickly identified the fraudulent payments and arranged 
for the stolen funds to be frozen.     
 
 (Reporting by Jim Finkle in Toronto; Editing by Matthew Lewis) 
 ((jim.finkle@thomsonreuters.com; +1 416-687-7362)(Reuters 
Messaging: jim.finkle.thomsonreuters.com@reuters.us)) 
 
Keywords: CYBER HEIST/WARNING