In Focus
Banking Technology
Staff Reporter
, Vietnam
Published:

Malicious insiders plotting coordinated cyber attacks against banks, says SWIFT

A Vietnamese bank was the second victim.

Banks should be ready to face a spate of well-planned cyber heists instigated by sophisticated attackers with “deep knowledge” of vulnerabilities in bank transfer systems, SWIFT said in a letter to its customers.

The letter follows reports that Vietnam’s Tien Phong Bank had almost fallen prey to hackers attempting to transfer $1.36 million to a Slovenian bank in late 2015. The incident marks the second heist of its kind, including the high-profile attack on Bangladesh Bank in February 2016. 

“Forensic experts believe this new discovery evidences that the malware used in the earlier reported customer incident was not a single occurrence, but part of a wider and highly adaptive campaign targeting banks,” SWIFT said in the statement.

In both cases, attackers took advantage of vulnerabilities in each bank’s funds transfer initiation environments. The SWIFT network, core messaging services and software has not been compromised, the provider said.

“The attackers have been able to bypass whatever primary risk controls the victims have in place, thereby being able to initiate the irrevocable funds transfer process. In a second step, they have found ways to tamper with the statements and confirmations that banks would sometimes use as secondary controls, thereby delaying the victims’ ability to recognise the fraud,” SWIFT noted.

The statement added that attackers have a “deep and sophisticated” knowledge of specific operational controls within the targeted banks. This knowledge may have been gained from malicious insiders or cyber attacks, or a combination of both, SWIFT said.

Andrey Dulkin, Senior Director of Cyber Innovation, CyberArk Labs noted that TPbank may have been targeted simply because attackers are “testing the waters”.

“This could mean exploring the process of sending fraudulent transactions and gaining insight into bank network-level operations, including lateral movement and execution on target servers, and whether the whole route, include actually getting the money, works,” he said.

The attack is not unique to the SWIFT network, Dulkin added, as similar attacks have been discovered in Russia as well as attacks on multiple organizations around the world to send money transfer commands from machines within the network to the banks that manage the organizations’ accounts.

“An attacker who hijacks legitimate credentials inside the network can send these commands by appearing to operate as a legitimate user, thereby avoiding detection. The two main hurdles for attackers to execute their strategy are acquiring credentials and expertise in banking systems. That expertise can be easily acquired through using privileged accounts to conduct reconnaissance including studying legitimate user actions, or involving someone familiar with the specific banking systems in the attack,” he said.
 

Also Read

Perbankan Terbuka di Asia Pasifik: memanfaatkan data, API untuk solusi yang lebih baik

Bank masa depan: Bagaimana Bank Menerapkan Artificial Intellegent (AI)?

Pembekuan pendanaan menghantam penyedia layanan BNPL

Investor semakin sedikit mengalirkan dana ke penyedia layanan BNPL yang sudah menghadapi keuntungan margin yang tipis.

HSBC: Aliansi bank-fintech merupakan win-win

Pemberi pinjaman dapat belajar dari teknologi disruptif sambil membantu mereka mematuhi regulasi.

Tokenisasi aset perdagangan untuk menjembatani kesenjangan pembiayaan

Teknologi blockchain dapat mendesentralisasikan operasi keuangan dan mempermudah akses kredit.

PT Bank Permata meluncurkan kartu perjalanan dan kuliner untuk klien berkelas

Nasabah prioritas dapat memperoleh 20.

BCA menjalankan komitmen terhadap keuangan berkelanjutan

Bank asal Indonesia ini mempertimbangkan aspek lingkungan dan tata kelola dalam keputusan pemberian pinjaman.

Mengapa UNOBank mendorong embedded finance tumbuh di Filipina

Bagi UNOBank, banking interface terpadu adalah strategi pertumbuhan sekaligus upaya inklusi keuangan.

OCBC mencoba mengurangi kesenjangan manfaat bagi agen properti di Singapura

Produk terbarunya menawarkan manfaat finansial di bidang perbankan, asuransi, dan perdagangan.

Upaya Malaysia menjadi anggota BRICS untuk mendorong perombakan sistem perbankan

Namun, tantangan muncul ketika menjauh dari ketergantungan pada AS dan SWIFT.

Platform pembayaran PingPong memperoleh lisensi PJP di Indonesia

PingPong mengincar ekspansi ke pasar ekspor senilai $320 miliar di negara tersebut.

Merger dan penutupan mengancam 3.800 bank di area pedesaan Cina

Sekitar 70 bank di area tersebut telah merger sejak 2023.
Join the community

Thought Leadership Centre

Navigating the Cloud Migration Journey: Strategies for Banking Incumbents

Explore how FinOps fosters cloud efficiency, balancing performance and cost while aligning with sustainability goals

In Association with

SmartStream launch high performance, AI enabled platform to meet client demands for managing complex data

Harnessing the power of observational learning in data quality processing and management

In Association with

SAP SPM: Boosting sales success whilst ensuring regulatory compliance

SAP Business AI: Unlocking the power of AI in financial services

In Association with

Resource Center

Shaping the Future of Banking: An Exploration of ASEAN Trends and Transformations

Comarch AI-driven digital solutions enable better, more personalised banking

Banking in a Volatile Economy & Navigating Uncertainty

Bridging The Gap: A Survey On Alternative Financing

Improving API Security in Digital Banking

The financial services world of the future

Re-wiring financial services operations for a bold future

Fraud surveillance in today’s hybrid banking environment

ABF Retail Banking Digital Conference 2021

Print Issue

Read Here
Advertise
Sign Up

Event News

CIMB Niaga leads the way in captivating Indonesia’s youth
CIMB Niaga leads the way in captivating Indonesia’s youth
The bank’s digital solutions are winning over younger generations with 3.
BCA sets benchmark in Indonesia’s microfinance sector
BCA sets benchmark in Indonesia’s microfinance sector
Siam Commercial Bank shares crisis lessons from pandemic
Lending & Credit Siam Commercial Bank shares crisis lessons from pandemic
Thai central bank’s digital payments on ‘top of the world’
Cards & Payments Thai central bank’s digital payments on ‘top of the world’

Videos

Testing

Testing

Banks expand AI adoption amidst governance challenges

Banks expand AI adoption amidst governance challenges

BSP enforces tailored cyber resilience rules for smaller institutions

BSP enforces tailored cyber resilience rules for smaller institutions

Companies urged to implement AI with focused use cases

Companies urged to implement AI with focused use cases

View more videos

Partner Sites

Asian Power
Asian Power
Asian Business Review
Asian Business Review
Healthcare Asia Magazine
Healthcare Asia Magazine
Retail Asia
Retail Asia