SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Cyber attacks on banks are a global scourge - are you safe?
Thu, 14th Jul 2016

New York, London, Paris, Munich — Those centers of the global economy are Ground Zero for attacks against banks, investment firms and other huge financial institutions. As the saying goes, why do criminals rob banks? That's where the money is. However, powerhouse institutions are also extremely well protected, and of course, money can be found just about everywhere in the modern world. Hackers might find it far easier to infiltrate banks in Phnom Penh than in Paris, or in Lhasa than in London.

In short: If you are at a bank or other financial institution in APAC, perhaps in a smaller country than the biggest targets in Hong Kong, Japan, Singapore or South Korea… or if you are in one of those world-class cities but are at a small institution… you are vulnerable. Bank attacks are a global scourge, and anyone who thinks their organization is too small or too remote to be targeted is sadly mistaken.

Consider the SWIFT-related attacks recently discovered targeting Bangladesh, the Philippines and Vietnam. To quote from a story in the Financial Times:

Experts said on Friday that a Vietnamese bank was recently robbed by cyber criminals, using similar methods to this year's record digital theft at the Bangladesh central bank and a 2014 data breach at Sony. The global financial messaging network warns clients of ‘a wider and highly adaptive campaign’.

A spokesperson for Swift, the main group providing interbank transfer messages, said hackers bypassed risk controls at the unnamed bank to transfer undisclosed sums of money illegally.

In an audacious weekend raid that sent tremors through the world's financial and commercial banks, hackers sent 35 fake orders from Bangladesh Bank via Swift to the central bank's account at the Federal Reserve in New York. The transfers totalled $951m but the thieves made off with only $81m — making it one of the world's top 10 bank thefts. The money was sent in four batches to accounts in the Philippines.

In response, SWIFT sent a message to its customers urging:

The attackers have been able to bypass whatever primary risk controls the victims have in place, thereby being able to initiate the irrevocable funds transfer process. In a second step, they have found ways to tamper with the statements and confirmations that banks would sometimes use as secondary controls, thereby delaying the victims' ability to recognise the fraud.

The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks – knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both.

As a matter of urgency we remind all customers again to urgently review controls in their payments environments, to all their messaging, payments and ebanking channels. This includes everything from employee checks to password protection to cyber defences. We recommend that customers consider third party assurance reviews and, where necessary, ask your correspondent banks and service bureaux to work with you on enhanced arrangements.

State Sponsor of Bank Robberies

Cylance's team of forensics researchers has determined that a series of attacks are linked. We see consistent patterns in the bank attacks against Bangladesh, the Philippines and Vietnam after identifying segments of code also used in the 2014 Sony Pictures breach and in several 2013 attacks on South Korean companies. All three of these banking attacks are now widely believed by computer security experts to have originated from North Korea.

If the allegations are correct, this marks the first time a nation state (rogue or otherwise) has been involved in a cyberattack for purely financial gain. And it's particularly troubling that SWIFT has proven vulnerable to these attacks.

SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, is a highly secure network that allows financial institutions to send each other coded messages about financial transactions. SWIFT is now the backbone of most international transactions, and has set the industry standard for syntax in financial messages.

SWIFT has since publicly announced that these attacks were just one piece of a coordinated campaign against banks utilizing its network, but did not explicitly blame North Korea for the attack. It also clarified that connection points to its network had been breached, rather than the actual system itself.

In today's massively interconnected and globalized world, the SWIFT attacks spotlight the risk the banking industry takes by relying on a single financial system made up of banks with wildly differing levels of cybersecurity. As the CEO of MasterCard recently put it: smaller banks are the weak link in the chain. After all, why bother trying to break into a big bank and circumvent its security, when you can simply break into a smaller, less well protected bank and send fake money requests to the big bank?

In the case of the Bangladesh attack, the bank's complete lack of firewalls and their use of cheap, pre-owned $10 switches to connect their own computer network to SWIFT was implicated as being key to the multi-million-dollar breach, in a cost-cutting move security experts have called "disturbing."

Math and Artificial Intelligence to the Rescue

A challenge for all institutions (and organizations like SWIFT) is that the attackers' methods and code are constantly changing. Signature-based anti-malware systems might catch a simple copycat, but sophisticated state-sponsored hackers are going to customize their weaponized software, both to increase its effectiveness and also to attempt to avoid detection. In short: Each attack may have unique code that doesn't match signatures, and which may require sophisticated mathematical analysis to detect.

The best tools for protecting against well-funded, serious breaches of banks and other financial institutions will use a mathematical- and artificial intelligence-based approach to endpoint protection. That will detect and defend against “new and improved” attack code — before the bank has been compromised.

New York, London, Paris, Munich – and Hanoi, Kathmandu, Lhasa, Vientiane. No matter where in the world, every bank and every financial institution is vulnerable to the global scourge of hacking. In today's interconnected banking world, we can't afford to ignore this issue.