The hacking team behind the Bangladesh Central Bank theft reached the funds by accessing SWIFT through specially written malware.
The hacking team that perpetrated a theft of $81 million from the Central Bank of Bangladesh is said to have breached the SWIFT software to access the funds.
Reuters reports that British defense contractor BAE Systems has confirmed SWIFT was hacked, and that the success means the criminals will likely target other institutions and strike again.
The Society for Worldwide Interbank Financial Telecommunication (SWIFT) has 11,000 member organizations and operates a network that financial institutions use to manage information regarding transactions.
In response to the Reuters report, the SWIFT organization told the same outlet that it is aware of malware that targeted its software. An update has patched the breach, SWIFT said, and it has warned financial institutions to be vigilant.
BAE says that the cybercriminals hacked SWIFT by breaching the Alliance Access software, which connects financial institutions with the SWIFT messaging system. This allowed the criminals to delete fraudulent transactions, although it has not been confirmed how those bogus transactions were originally made.
It is likely, according to investigators, that the hackers used stolen account credentials from the Central Bank’s system to access SWIFT. This allowed the requests to look legitimate, especially as they came from correct bank codes.
“I can’t think of a case where we have seen a criminal go to the level of effort to customize it for the environment they were operating in. I guess it was the realization that the potential payoff made that effort worthwhile,” Adrian Nish, BAE’s head of threat intelligence, said.
BAE researchers point out that this malware attack was specific and that the criminals wrote the malware for the sole purpose of hacking the Bangladesh Central Bank. Nevertheless, Nish says it has now proven successful and cybercriminals may attempt to replicate the process at other financial institutions in the future.
Speaking to Reuters, SWIFT’s Natasha Deteran said software has been updated “to assist customers in enhancing their security and to spot inconsistencies in their local database records … The malware has no impact on SWIFT’s network or core messaging services.”
The February theft could have been worse, as the cybercriminals attempted to take $951 million from the Central Bank at the US Federal Reserve Bank of New York. Most of the payments were thwarted, but $81 million made it through to accounts traced to the Philippines.