Hackers have reportedly stolen $10 Million from an unnamed bank in Ukraine by exploiting the SWIFT international banking system, according to an independent IT monitoring organization called the Information Systems Audit and Control Association (ISACA).
Swift or the Society for Worldwide Interbank Financial Telecommunication is the global banking messaging system responsible for managing Billions of dollars in money transfers each day between financial institutions worldwide.
The ISACA branch in Ukraine, who has been hired by the targeted bank to investigate the heist, disclosed that some unknown hackers were able to compromise the bank's security in similar way they hacked Bangladesh central bank and stole $81m (£56m), the Kyiv Post reports.
"At the current moment, dozens of banks (mostly in Ukraine and Russia) have been compromised, from which has been stolen hundreds of millions of dollars," ISACA reportedly said in a release.The Swift hackers have already made a number of victims, including Bangladesh central bank, the Banco del Austro (BDA) bank in Ecuador and an unnamed commercial bank.
Also Read: How did Bank Hackers Go Undetected?
In February, Swift hackers managed to steal $81 Million cyberheist at the Bangladesh central bank’s account in the New York Federal Reserve through by hacking into SWIFT network using a piece of malware that manipulated logs and erased the fraudulent transactions history, and even prevented printers from printing those transactions.
The second incident targeted an unnamed commercial bank where malware installed on SWIFT was used against the banks' PDF reader which was being used by the bank to check statement messages.
An Ecuadorian bank called Banco del Austro (BDA) also lost about $12 million in the cyber heist carried out at the beginning of last year by attacking the Swift global network.
In all incidents, the hackers have exploited flaws in banks funds' transfer initiation environments, before messages being sent over SWIFT.
Here’s how Swift hackers target banks:
- Uses malware to circumvent local security systems of a target bank.
- Gains access to the SWIFT international messaging network.
- Sends fraudulent messages via SWIFT to initiate money transfers from accounts at larger banks.
The recently attacked bank in question had not yet been named, as investigators are restricted by strict non-disclosure agreements until the Ukrainian bank itself agrees to go public with information.