Story image

Bank Negara Malaysia stops SWIFT fraud in its tracks

09 Apr 2018

It was a case of swift action that stopped a major cybersecurity incident at Bank Negara Malaysia late last month, after a collaborative effort stopped SWIFT message fraud in its tracks.

According to the bank, falsified SWIFT messages were used to attempt unauthorized fund transfers, however a collaboration between SWIFT, central banks and financial institutions managed to block the transfers.

Bank Negara Malaysia did experience any financial loss, disruption to services or other payment systems at the time.

“The Bank is presently conducting a comprehensive investigation in collaboration with local and international law enforcement agencies on this incident.”

Bank Negara Malaysia says that its risk control measures effectively stopped the damage this time, but it is putting in place additional safeguards to protect stakeholders.

“The Bank will also remain on high alert and always be on a state of readiness as future incidents will likely involve a higher degree of sophistication and design.”

It warns other financial institutions to be vigilant about their cybersecurity and to continue strengthening defences.

“Bank Negara Malaysia would like to assure members of the public that the Malaysian payment and settlement systems remained unaffected and continue to operate normally.”

Reports suggest that SWIFT cyber attacks are becoming more common around the world and in Asia.

In October 2017, cyber attackers stole more than US$60 million from the Far Eastern International Bank in Taiwan through a SWIFT attack.

The attack used malware to gain access to the bank’s SWIFT terminals, which then transferred the stolen funds.

Earlier this year SWIFT held a data security challenge for Australian students, with the aim of finding secure ways to protect data in an open banking environment.

“The issue of how to keep personal information safe in an open environment is increasingly a question that banks are trying to tackle as open banking becomes more prevalent. This competition will challenge students to provide innovative solutions to this global industry issue. We look forward to seeing the practical concepts that are offered,” commented SWIFT Institute director Peter Ware at the time.

Bank Negara Malaysia has also warned Malaysians to watch out for fake certification programmes related to blockchain assets, crypto assets and FinTech.

A fake certificate uses the Bank Negara Malaysia and University of Malaya as fraudulent logos.

“BNM does not recognise these certificate holders who use such documentation in offering consultation services. Members of the public are advised to verify the validity of any certification programme before registering,” Bank Negara Malaysia says.

“Digital currencies are not legal tender in Malaysia. Members of the public are advised to exercise caution before investing in crypto-related assets,” Bank Negara Malaysia concludes.

Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.
Red Box gains compliance boost with new partnership
By partnering with Global Relay, voice platform provider Red Box is improving the security of its offerings for high-value and risk voice data.