Third One Counters Heist Just in Time Due To Second Bank Suffers Cyber-Theft Through The SWIFT
After the cyber-heist of Bangladesh that showed the hackers steal the $81 million through the broadly used the transaction system of SWIFT bank where two more hacks that leveraged the same application that has come to light this past week.
The first attempt was failed to steal money from the Tien Phong Bank of Vietnam. Hackers deal with to get a hold of the SWIFT login credentials of the bank as well as using its username and password of SWIFT that they tried to move $1.36 million out of its account.
The first attack was noticed and that was stopped.
The bank said it was noticed the irregular operation as well as blocked the transfer earlier it left its account. This occurred at the end of 2015 however recently the bank only recognized the incident, after the security firm BAE Systems disclosed that another bank was hit by the same SWIFT malware that was noticed on the computers of Bangladesh central bank.
SWIFT that is nothing more than a glorified CMS for transferring money between the banks which works just like any software that manages the sensitive information and also needs for users to log in by using a special set of credentials.
All these credentials can be phished, or they can be discarded from the system of SWIFT using the special software such as - info stealers, password dumpers.
The Bank in Ecuador drops $12.2 million.
According to the reports of the credentials that also seem to have been cooperated for a third bank that Banco del Austro (BDA) from Ecuador. Such as the account of Vietnam bank and this attack was never disclosed to the public, nor to the operators of SWIFT. Nothing like the attack of Vietnam bank and this one was successful.
It shows that the hacker managed to steal $12.2 million out of the accounts of BAE at the US-based Wells Fargo bank. Whereas the cyber-heist took place on January 28 as well as the funds were sent to various accounts in Hong Kong.
And the details about this attack that came to light after BDA sued Wells Fargo for failing to notice the attacks and even if the credentials were compromised on its side.
The Ecuadorian bank repaired some of the money.
Whereas the third bank was also included in this attack that is Citibank, but this bank determined to refund the Ecuadorian bank with $1.8 million after it failed to notice the irregular operations that took place outside of the business hours of BDA as well as it included the abnormal large funds.
Neither BDA nor Wells Fargo, nor Citibank told SWIFT about these hacks using its system. Unintentionally, Yawar Shah who is the Managing Director of Citibank and he is also the chairman of SWIFT as well as he also failed to tell his engineers about what happened.
There is a de-facto thinking which is engrained in the sector of banking that SWIFT is 100 percent safe against the attacks. But the investigation of BAE Systems into the Bangladesh central bank hack that confirmed that the SWIFT is just as vulnerable as any other piece of software as well as that security practices are as important as the software.
Adam Meyer, Chief Security Strategist at SurfWatch Labs, told that "This is absolutely a financial services culture problem. The mitigating effort that could drive the most risk reduction is not some fancy tool or new framework but instead, the institutions must look very hard at their cyber security lifestyle."
And also added that "Those who acknowledge that cyber risk is directly tied to the successful delivery or their products and services, customer trust, and institutional resilience will be in a better position for the future. Those who still think this is solely a technology problem that can be solved with a magic tool won’t fare well."