Story image

Bank Negara Malaysia stops SWIFT fraud in its tracks

09 Apr 2018

It was a case of swift action that stopped a major cybersecurity incident at Bank Negara Malaysia late last month, after a collaborative effort stopped SWIFT message fraud in its tracks.

According to the bank, falsified SWIFT messages were used to attempt unauthorized fund transfers, however a collaboration between SWIFT, central banks and financial institutions managed to block the transfers.

Bank Negara Malaysia did experience any financial loss, disruption to services or other payment systems at the time.

“The Bank is presently conducting a comprehensive investigation in collaboration with local and international law enforcement agencies on this incident.”

Bank Negara Malaysia says that its risk control measures effectively stopped the damage this time, but it is putting in place additional safeguards to protect stakeholders.

“The Bank will also remain on high alert and always be on a state of readiness as future incidents will likely involve a higher degree of sophistication and design.”

It warns other financial institutions to be vigilant about their cybersecurity and to continue strengthening defences.

“Bank Negara Malaysia would like to assure members of the public that the Malaysian payment and settlement systems remained unaffected and continue to operate normally.”

Reports suggest that SWIFT cyber attacks are becoming more common around the world and in Asia.

In October 2017, cyber attackers stole more than US$60 million from the Far Eastern International Bank in Taiwan through a SWIFT attack.

The attack used malware to gain access to the bank’s SWIFT terminals, which then transferred the stolen funds.

Earlier this year SWIFT held a data security challenge for Australian students, with the aim of finding secure ways to protect data in an open banking environment.

“The issue of how to keep personal information safe in an open environment is increasingly a question that banks are trying to tackle as open banking becomes more prevalent. This competition will challenge students to provide innovative solutions to this global industry issue. We look forward to seeing the practical concepts that are offered,” commented SWIFT Institute director Peter Ware at the time.

Bank Negara Malaysia has also warned Malaysians to watch out for fake certification programmes related to blockchain assets, crypto assets and FinTech.

A fake certificate uses the Bank Negara Malaysia and University of Malaya as fraudulent logos.

“BNM does not recognise these certificate holders who use such documentation in offering consultation services. Members of the public are advised to verify the validity of any certification programme before registering,” Bank Negara Malaysia says.

“Digital currencies are not legal tender in Malaysia. Members of the public are advised to exercise caution before investing in crypto-related assets,” Bank Negara Malaysia concludes.

Forget endpoints—it’s time to secure people instead
Security used to be much simpler: employees would log in to their PC at the beginning of the working day and log off at the end. That PC wasn’t going anywhere, as it was way too heavy to lug around.
DimData: Fear finally setting in amongst vulnerable orgs
New data ranking the ‘cybermaturity’ of organisations reveals the most commonly targeted sectors are also the most prepared to deal with the ever-evolving threat landscape.
IXUP goes "post-quantum" with security tech upgrade
The secure analytics company has also partnered with Deloitte as a reseller, and launched a SaaS offering on Microsoft Azure.
ExtraHop’s new partner program for enterprise security
New accreditations and partner portal enable channel partners to fast-track their expertise and build their security businesses.
Hackers increasingly ‘island hopping’ – so what does it mean?
Carbon Black's Rick McElroy discusses this new trend and what it means for the new age of cybercrime.
Trust without visibility is blind – Avi Networks
Enterprises are wanting to gain the trust of their customers, but are often found blindly defending themselves.
How to avoid becoming a cryptojacking victim - Bitglass
Large-scale cryptojacking is a lucrative business due to the popularity and value of cryptocurrencies like Bitcoin and Ethereum.
Symantec, Ixia combine efforts to secure hybrid networks
Ixia’s CloudLens and Symantec Security Analytics now feature complete integration, which allows Symantec customers to gain real-time visibility into their hybrid cloud environments.