India's City Union Bank, a small private lender, said on Feb 18, 2018 that cyber criminals had hacked its systems and transferred nearly $2 million through three unauthorized remittances to lenders overseas via the SWIFT financial platform. Chief Executive Officer N. Kamakodi called it a conspiracy involving multiple countries, and added that the lender was still investigating how it had happened. The bank had discovered the three fraudulent remittances, which were sent via correspondent banks to accounts in Dubai, Turkey and China.
Similar Tactics
Hackers who tried to steal nearly $2 million from India's City Union Bank this month used tactics similar to those employed in the unsolved cyber heist of $81 million from Bangladesh's central bank in 2016, City's CEO said on Monday.
The unknown hackers disabled the City printer connected to global payments platform SWIFT on Feb. 6, preventing the bank from receiving acknowledgement messages for the transactions. Nobody suspected that it was an attack and thought it was a systemic network failure. The next morning, bank officials managed to reconcile the previous day's transactions and found three transactions “which were not originated from our bank,” N. Kamakodi told Reuters.
In the case of Bangladesh Bank, hackers infected the system with malware that disabled the SWIFT printer. Bank officials in Dhaka initially assumed there was simply a printer problem.
Unknown hackers stole 339.5 million roubles ($6 million) from a Russian bank last year in an attack using the SWIFT international payments messaging system, the Russian central bank said on Feb 16, 2018.
Digital heists are becoming increasingly prominent as hackers use more sophisticated tools and hacking techniques to launch new attacks, underscoring the continuing vulnerability of the SWIFT messaging network, which handles trillions of dollars in fund transfers daily, linking more than 11,000 financial institutions in more than 200 countries and reaching an all-time high of 7.1 billion messages in 2017, fuelled by double-digit growth in global payments.
“The threat is very persistent, adaptive and sophisticated and it is here to stay,” SWIFT said in the November 2016 letter to client banks, seen by Reuters.
How did they do it?
SWIFT continues to share insights on Modus Operandi and Indicators of Compromise, but we also continue to see the same basic patterns. In almost all cases, insiders have played a role intentionally or unintentionally:
- Customer's local environment is compromised
- Valid operator credentials are obtained that have the authority to create, approve and submit SWIFT messages from customers’ back-offices or from their local interfaces to the SWIFT network.
- Fraudulent messages are submitted
- Subsequently, attempts are made to remove traces of messages to hide the evidence
From January 1, 2018, financial institutions that use SWIFT will have to comply with a new customer security controls framework that aims to establish a baseline for security. All controls are articulated around three overarching objectives:
- Secure your environment
- Know and Limit Access
- Detect and Respond
We must know…
Compliance is not a silver bullet in ensuring you are cyber resilient. Customers need to consider detection and response in addition to securing and protecting their environment. These best practices should be applied not only to the SWIFT infrastructure but the full end-to-end transaction ecosystem within their firms, including payments, securities trade and treasury.
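The reconciliation that exposed the City Union Bank transfers can be run as a routine detection check between the back office and the messaging interface. The following Python is an added example, not code from SWIFT or the bank; the record fields, finding labels, threshold and sample data are all constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Payment:
    ref: str            # sender's reference (hypothetical field names throughout)
    currency: str
    amount: Decimal
    beneficiary: str
    acked: bool = True  # interface side only: was an acknowledgement recorded?


def reconcile(back_office, interface_sent):
    """Return (reference, finding) pairs for every mismatch between the two records."""
    originated = {p.ref: p for p in back_office}
    findings = []
    for msg in interface_sent:
        src = originated.get(msg.ref)
        if src is None:
            findings.append((msg.ref, "NOT_ORIGINATED"))  # sent, but never instructed
        elif (src.currency, src.amount, src.beneficiary) != (
            msg.currency, msg.amount, msg.beneficiary
        ):
            findings.append((msg.ref, "ALTERED"))         # instructed, but details differ
        if not msg.acked:
            findings.append((msg.ref, "NO_ACK"))
    sent = {m.ref for m in interface_sent}
    findings += [(p.ref, "NOT_SENT") for p in back_office if p.ref not in sent]
    return findings


def ack_channel_suspect(interface_sent, limit=2):
    """Escalate when missing acknowledgements reach `limit`, rather than assuming a printer fault."""
    return sum(not m.acked for m in interface_sent) >= limit


# Constructed sample data for one business day.
BACK_OFFICE = [
    Payment("REF0001", "USD", Decimal("12500.00"), "BENEFICIARY-A"),
    Payment("REF0002", "EUR", Decimal("8300.50"), "BENEFICIARY-B"),
    Payment("REF0003", "USD", Decimal("410.00"), "BENEFICIARY-C"),
]
INTERFACE_SENT = [
    Payment("REF0001", "USD", Decimal("12500.00"), "BENEFICIARY-A"),
    Payment("REF0002", "EUR", Decimal("8300.50"), "BENEFICIARY-Z"),
    Payment("REF9001", "USD", Decimal("500000.00"), "BENEFICIARY-X", acked=False),
    Payment("REF9002", "USD", Decimal("300000.00"), "BENEFICIARY-Y", acked=False),
]
```

The back-office list should come from a system the interface operator cannot modify, since the pattern described above includes removing traces of the fraudulent messages.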
In protecting against cyber attacks, customers must consider both insider and outsider threats: the attacks will not necessarily be perpetrated by remote outsiders, and malicious insiders present just as much risk.
Most common vulnerabilities among the firms:
- Lack of Security Awareness
- Lack of user privilege segregation
- Poor password policies
- Inadequate logical access controls based on need-to-know, least privilege, and segregation of duties
- Shortcomings in personnel vetting
Sources:
https://www.reuters.com
https://www.swift.com/myswift/customer-security-programme-csp/security-controls
https://www.cityunionbank.com/downloads/Press_Release_swift.pdf
About RSI Security
RSI is the nation’s premier information security and compliance provider dedicated to helping organizations achieve risk-management success. We work with some of the world’s leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulation. We are also a security and compliance software ISV and stay at the forefront of innovative tools to save assessment time, increase compliance and provide additional safeguard assurance. With a unique blend of software-based automation and managed services, RSI can assist organizations of all sizes in managing IT governance, risk management and compliance (GRC) efforts.