Story image

Bank Negara Malaysia stops SWIFT fraud in its tracks

09 Apr 18

It was a case of swift action that stopped a major cybersecurity incident at Bank Negara Malaysia late last month, after a collaborative effort stopped SWIFT message fraud in its tracks.

According to the bank, falsified SWIFT messages were used to attempt unauthorized fund transfers, however a collaboration between SWIFT, central banks and financial institutions managed to block the transfers.

Bank Negara Malaysia did experience any financial loss, disruption to services or other payment systems at the time.

“The Bank is presently conducting a comprehensive investigation in collaboration with local and international law enforcement agencies on this incident.”

Bank Negara Malaysia says that its risk control measures effectively stopped the damage this time, but it is putting in place additional safeguards to protect stakeholders.

“The Bank will also remain on high alert and always be on a state of readiness as future incidents will likely involve a higher degree of sophistication and design.”

It warns other financial institutions to be vigilant about their cybersecurity and to continue strengthening defences.

“Bank Negara Malaysia would like to assure members of the public that the Malaysian payment and settlement systems remained unaffected and continue to operate normally.”

Reports suggest that SWIFT cyber attacks are becoming more common around the world and in Asia.

In October 2017, cyber attackers stole more than US$60 million from the Far Eastern International Bank in Taiwan through a SWIFT attack.

The attack used malware to gain access to the bank’s SWIFT terminals, which then transferred the stolen funds.

Earlier this year SWIFT held a data security challenge for Australian students, with the aim of finding secure ways to protect data in an open banking environment.

“The issue of how to keep personal information safe in an open environment is increasingly a question that banks are trying to tackle as open banking becomes more prevalent. This competition will challenge students to provide innovative solutions to this global industry issue. We look forward to seeing the practical concepts that are offered,” commented SWIFT Institute director Peter Ware at the time.

Bank Negara Malaysia has also warned Malaysians to watch out for fake certification programmes related to blockchain assets, crypto assets and FinTech.

A fake certificate uses the Bank Negara Malaysia and University of Malaya as fraudulent logos.

“BNM does not recognise these certificate holders who use such documentation in offering consultation services. Members of the public are advised to verify the validity of any certification programme before registering,” Bank Negara Malaysia says.

“Digital currencies are not legal tender in Malaysia. Members of the public are advised to exercise caution before investing in crypto-related assets,” Bank Negara Malaysia concludes.

Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.