Story image

Bank Negara Malaysia stops SWIFT fraud in its tracks

09 Apr 18

It was a case of swift action that stopped a major cybersecurity incident at Bank Negara Malaysia late last month, after a collaborative effort stopped SWIFT message fraud in its tracks.

According to the bank, falsified SWIFT messages were used to attempt unauthorized fund transfers, however a collaboration between SWIFT, central banks and financial institutions managed to block the transfers.

Bank Negara Malaysia did experience any financial loss, disruption to services or other payment systems at the time.

“The Bank is presently conducting a comprehensive investigation in collaboration with local and international law enforcement agencies on this incident.”

Bank Negara Malaysia says that its risk control measures effectively stopped the damage this time, but it is putting in place additional safeguards to protect stakeholders.

“The Bank will also remain on high alert and always be on a state of readiness as future incidents will likely involve a higher degree of sophistication and design.”

It warns other financial institutions to be vigilant about their cybersecurity and to continue strengthening defences.

“Bank Negara Malaysia would like to assure members of the public that the Malaysian payment and settlement systems remained unaffected and continue to operate normally.”

Reports suggest that SWIFT cyber attacks are becoming more common around the world and in Asia.

In October 2017, cyber attackers stole more than US$60 million from the Far Eastern International Bank in Taiwan through a SWIFT attack.

The attack used malware to gain access to the bank’s SWIFT terminals, which then transferred the stolen funds.

Earlier this year SWIFT held a data security challenge for Australian students, with the aim of finding secure ways to protect data in an open banking environment.

“The issue of how to keep personal information safe in an open environment is increasingly a question that banks are trying to tackle as open banking becomes more prevalent. This competition will challenge students to provide innovative solutions to this global industry issue. We look forward to seeing the practical concepts that are offered,” commented SWIFT Institute director Peter Ware at the time.

Bank Negara Malaysia has also warned Malaysians to watch out for fake certification programmes related to blockchain assets, crypto assets and FinTech.

A fake certificate uses the Bank Negara Malaysia and University of Malaya as fraudulent logos.

“BNM does not recognise these certificate holders who use such documentation in offering consultation services. Members of the public are advised to verify the validity of any certification programme before registering,” Bank Negara Malaysia says.

“Digital currencies are not legal tender in Malaysia. Members of the public are advised to exercise caution before investing in crypto-related assets,” Bank Negara Malaysia concludes.

SonicWall secures hybrid clouds by simplifying firewall deployment
Once new products are brought online in remote locations, administrators can manage local and distributed networks.
What MSPs can learn from Datto’s Channel Ransomware Report
While there have been less high profile attacks making the headlines, the frequency of attacks is, in fact, increasing.
Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.