Chances are, you have access to your bank accounts and budgeting apps such as Mint.com on your mobile device. Today, you often have to enter more than just a username and password – you also need to enter a PIN or complete some other type of multifactor authentication activity to access your information.
Unfortunately, some central banks haven’t quite kept up with their consumer banking peers. Recently, a cyberattack struck Bangladesh’s central bank, allowing hackers to pull off four transfers and steal more than $80 million from its U.S. Federal Reserve bank account.
The culprit? Simple malware installed on the computer systems at the Bangladesh central bank.
A group of still-unknown hackers broke into Bangladesh’s central bank, obtained the credentials necessary to make payment transfers from the Federal Reserve Bank of New York, and then transferred sums to fraudulent accounts based in the Philippines and Sri Lanka.
The hackers were better at cybercrime than spelling: if they hadn’t misspelled the name of a shell company in their fifth transaction of $20 million, writing “Shalika Fandation” instead of “Shalika Foundation,” the Federal Reserve would have let the transfer pass unnoticed.
Bangladesh’s central bank turned to security researchers from FireEye’s Mandiant forensics division to investigate the cyberattack. Right now, the working hypothesis is that hackers installed malware in the Bangladesh central bank’s computer systems a few weeks before the heist and watched how money was withdrawn from its United States account. Likely, the malware included spying programs allowing the hackers to learn how money was processed, sent, and received. Then, the hackers stole the Bangladesh central bank’s credentials for SWIFT, a highly secure financial messaging system used by banks worldwide to communicate with one another. That in itself is scary: a highly private, reportedly secure messaging platform used by the largest banks around the globe could be hacked like this. If it happened to Bangladesh and the U.S., what’s to say it couldn’t happen on an even broader global scale? However, SWIFT claims its core messaging services were not impacted by the heist and continue to work normally.
Bangladesh’s central bank reportedly discovered weaknesses in its systems (no surprise there, considering they just lost $80 million and it would have been close to a billion had it not been for a simple typo), which could take years to repair.
Consider this a warning for other banks, both large and small, to prepare for the onslaught from hackers. According to a new report from Symantec, cyberattacks against the financial industry are becoming more effective. Even worse, cybercriminals are moving away from attacking individual customers and instead targeting the banks themselves – greater risk, but much greater potential monetary reward.
Ticking financial industry compliance regulation boxes alone can't stop every cyberattack meant to disrupt and embarrass you by accessing sensitive information. When you rely on the minimum requirements to run your business, you often leave a clear pathway for attacks.
We can help: US Cyber Vault is a secure cloud platform for healthcare and banking that encrypts everything by default so human error isn’t an option. With zero-day malware detection, threats are found within 24 hours, not the industry-standard 7 months. Once a threat is identified, it’s neutralized immediately with a 24/7 Incident Response Team trained in intelligence.
Cybersecurity must involve a risk assessment and defensive strategy. To learn more, download our free banking report today.
Written by Rob LaMear, CEO, US Cyber Vault