Bangladesh Bank Hackers Exploited SWIFT Client Software with Malware
The yet-unknown hackers who made away with $81 million from the Bangladesh Central bank’s New York Federal Reserve account have, according to a new Reuters report, used malware to hack into the SWIFT financial platform’s client software used by banks and financial institutions around the world.
The Society for Worldwide Interbank Financial Telecommunication (SWIFT), the interbank system that facilitates transactions and interactions between banks and financial institutions globally may have been compromised by hackers behind the Bangladesh Central bank heist, according to security researchers at BAE Systems, a British defense contractor.
The new revelation underlines the significance of the Bangladesh Bank heist and the security risks that come with a vulnerability in a system that is the framework and technology powering the global financial industry.
Speaking to the publication, a spokesperson for SWIFT confirmed that the co-operative is aware of malware affecting its client software. SWIFT is gearing up to release a software update on Monday to patch the vulnerability. The update will also come with a warning urging financial institutions and banks around the world to scrutinize their security practices.
The software update will “assist customers in enhancing their security and to spot inconsistencies in their local database records,” the SWIFT spokesperson stated. She insisted that the malware had no impact on SWIFT’s core messaging services nor its network itself.
An Unprecedented Detail in Malware
Security firm BAE’s head of threat intelligence, Adrian Nish revealed the unprecedented scale of the elaborate scheme deployed by criminal hackers for the Bangladesh central bank hack.
“I can’t think of a case where we have seen a criminal go to the level of effort to customize it [the malware] for the environment they were operating in. I guess it was the realization that the potential payoff made that effort worthwhile.”
Researchers at BAE discovered the malware executable on a public sample repository rather than by directly analyzing the infected servers. Such repositories receive millions of new samples every day from agencies, businesses and individuals who upload suspected malware as submissions.
The malware used in the attack was compiled around the date of the heist and contained detailed information about the Bangladesh Central bank’s operations from within the country.
The malware was designed to make a small change to the code of the Access Alliance software, the client software deployed by SWIFT. This gave the hackers the ability to tweak a database that logged the bank’s activity over the SWIFT network.
Having exploited the vulnerability, the malware could then delete records of all outgoing transfer requests from the database. Beyond that, the malware could also intercept incoming messages confirming the transfers ordered by the hackers.
The level of detail was such that the malware also manipulated account balances in the logs to prevent the heist from being detected. Furthermore, a printer within the bank was manipulated so that hard copies of transfer requests would throw off the bank’s initial investigation into the heist.
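The tampering described above, deleted outgoing transfer records, intercepted confirmations and doctored balances, is exactly what SWIFT's announced update aims to help customers "spot" as inconsistencies in local database records. The following is an added illustration of such a reconciliation check; it is not code from the article, from BAE Systems or from SWIFT, and it assumes the bank can obtain a copy of the transfer confirmations through a channel independent of the client host (for instance from the correspondent bank directly), since the article states the malware intercepted confirmations arriving on the infected system. All records, references and amounts below are constructed sample data.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Transfer:
    ref: str         # message reference of the outgoing transfer request
    amount: Decimal  # amount debited from the account


@dataclass(frozen=True)
class Confirmation:
    ref: str         # reference quoted by the counterparty's confirmation
    amount: Decimal  # amount the counterparty says was transferred


def reconcile(local_transfers, independent_confirmations):
    """Compare the local outgoing-transfer log against confirmations obtained
    out of band. Returns a list of (reference, finding) tuples."""
    local = {t.ref: t for t in local_transfers}
    confirmed = {c.ref: c for c in independent_confirmations}
    findings = []
    # A confirmed transfer with no local record means the request was deleted
    # from the database or never logged: the pattern described in the article.
    for ref, c in confirmed.items():
        t = local.get(ref)
        if t is None:
            findings.append((ref, f"confirmed transfer of {c.amount} has no local outgoing record"))
        elif t.amount != c.amount:
            findings.append((ref, f"amount mismatch: local {t.amount}, confirmed {c.amount}"))
    # A local record with no confirmation may simply be pending; report it separately.
    for ref in sorted(local.keys() - confirmed.keys()):
        findings.append((ref, "local outgoing record has no confirmation yet"))
    return findings


def check_closing_balance(opening, independent_confirmations, logged_closing):
    """Closing balance implied by the confirmed debits versus the balance the
    local log shows. A manipulated log will not match the independent figure."""
    expected = opening - sum((c.amount for c in independent_confirmations), Decimal(0))
    return expected, expected == logged_closing


# Constructed sample data: the local database is missing one transfer and the
# logged balance has been adjusted so that the remaining records look consistent.
LOCAL_TRANSFERS = [
    Transfer("MSG-0001", Decimal("250000.00")),
    Transfer("MSG-0002", Decimal("120000.00")),
]
INDEPENDENT_CONFIRMATIONS = [
    Confirmation("MSG-0001", Decimal("250000.00")),
    Confirmation("MSG-0002", Decimal("120000.00")),
    Confirmation("MSG-0003", Decimal("81000000.00")),  # the record deleted locally
]
OPENING_BALANCE = Decimal("100000000.00")
LOGGED_CLOSING_BALANCE = Decimal("99630000.00")  # what the tampered log reports


def run_checks():
    """Run both checks on the sample data and return their results."""
    findings = reconcile(LOCAL_TRANSFERS, INDEPENDENT_CONFIRMATIONS)
    expected, balance_ok = check_closing_balance(
        OPENING_BALANCE, INDEPENDENT_CONFIRMATIONS, LOGGED_CLOSING_BALANCE
    )
    return findings, expected, balance_ok


if __name__ == "__main__":
    findings, expected, balance_ok = run_checks()
    for ref, finding in findings:
        print(f"{ref}: {finding}")
    print(f"expected closing balance {expected}, log agrees: {balance_ok}")
```

The design point is that the check only works because the confirmations and the balance figure come from outside the compromised host; reconciling the local database against reports printed or logged by the same machine, as the bank's initial investigation effectively did, cannot detect records the malware removed.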