SWIFT Breached Again; Second Bank Sees Cyber Heist | Hacked: Hacking Finance


SWIFT Breached Again; Second Bank Sees Cyber Heist

Posted on .

SWIFT Breached Again; Second Bank Sees Cyber Heist


This article was posted on Friday, 19:07, UTC.

SWIFT, the financial inter-banking system used by thousands of banks around the world has revealed that cyber-thieves have yet again stolen from a bank that is a part of the SWIFT network.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

An undisclosed bank is the second known target of cybercriminals who are likely to have also been involved in the infamous Bangladesh bank heist which saw $81 million stolen from the bank’s NY Fed Reserve account.

A malware targeting a PDF reader that is routinely used by a bank to check its statement messages has been revealed as the cause for the second heist. The criminals are targeting banks that receive PDF reports of payment confirmations. When the malware is installed, it clones the functions of the actual PDF reader. When the user opens a PDF report, the malware manipulates the report to wipe any sign of a suspicious transaction.

SWIFT states that its banks were hacked in the following method:

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //
  1. Attackers compromise the bank’s environment
  2. Attackers obtain valid operator credentials that have the authority to create, approve and submit SWIFT messages from customers’ back-offices or from their local interfaces to the SWIFT network.
  3. Attackers submit fraudulent messages by impersonating the operators from whom they stole the credentials.
  4. Attackers hide evidence by removing some of the traces of the fraudulent messages.

SWIFT contends that none of its core messaging services, software nor the network itself are compromised. Instead, it warns of a “highly adaptive campaign” that is targeting banks’ second controls around the world.

Specifically, the attackers are targeting and successfully exploiting vulnerabilities in the banks’ funds transfer initiation environments, the advisory from SWIFT read. Remarkably, the attackers are bypassing the primary security measures put in place by the banks to then initiate the “irrevocable” funds transfer.

The cyber-heist specialists have also discovered ways to tamper and sabotage the confirmations that banks implement as secondary controls. Such measures delay the banks’ ability to detect a heist.

The advisory added:

The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks – knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both.

SWIFT is urging banks around the world to review their security controls and practices in banks’ payment environments, messaging and ebanking channels.

A report from Data Breach Today claims that the hackers’ second victim is a Vietnamese bank.

The current fallout from the original heist began in mid-March this year when the Bangladesh Bank saw its NY Fed Reserve account drained of $81 million. The incident could have been a whole lot worse for the bank as the cybercrooks originally sought to steal a billion dollars.

It was later revealed that malware was involved in the bank heist. Notably, SWIFT refused to take any blame for the heist, in a recent statement.

 Featured image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.

Feedback or Requests?

Samburaj Das

Samburaj Das

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.

There are no comments.

View Comments (0) ...
The team:
Dmitriy Lavrov
Dmitriy Lavrov is a professional trader, technical analyst and money manager with 10 years of trading experience. He covers Forex, Commodities and Cryptocurrencies. He is among the top 10 most Read More
Jonas Borchgrevink
Jonas Borchgrevink is the founder of Hacked.com and CryptoCoinsNews.com. He is a serial entrepreneur, trader and investor. He shares his own personal journey on Hacked.com. // -- Discuss and ask Read More
Mate Csar
Trader and financial analyst, with 10 years of experience in the field. An expert in technical analysis and risk management, but also an avid practitioner of value investment and passive Read More
Mati Greenspan
Senior Market Analyst at Etoro.com. // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Important: Never invest Read More
Rakesh Upadhyay
Rakesh Upadhyay is a Technical Analyst and Portfolio Consultant for The Summit Group. He has more than a decade of experience as a private trader. His philosophy is to use Read More
Pamela Meropiali
Account Manager
Pamela Meropiali is responsible for users on Hacked.com. // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Read More
Joseph Young
Joseph Young is a finance and tech journalist & analyst based in Hong Kong. He has worked with leading media and news agencies in the technology and finance industries, offering Read More
Adult website Pornhub is enticing white-hat hackers and security researchers…