In BriefInvestigators from British defense contractor BAE Systems discovered that hackers who stole $81 million from the Bangladesh Central Bank actually hacked into software from SWIFT financial platform, a key part of the global financial system.
The hackers used a custom-made malware to hide evidence and go undetected by erasing records of illicit transfers with the help of compromised SWIFT system.
The Bangladesh Bank hackers, who managed to steal $81 Million from the bank last month in one of the largest bank heists in history, actually made their tracks clear after hacking into SWIFT, the heart of the global financial system.
SWIFT, stands for the Society for Worldwide Interbank Financial Telecommunications, is a global messaging network used for most international money and security transfers.
Learn Insider Threat Detection with Application Response Strategies
Discover how application detection, response, and automated behavior modeling can revolutionize your defense against insider threats.Join Now
More than 11,000 Global Banks on HIGH ALERT!Nearly 11,000 Banks and other financial institutions around the World use SWIFT system to send securely and receive payment instructions through a standardized system of codes.
Recently, Bangladesh police investigators uncovered evidence revealing that the Bank was using second-hand $10 network switches without a Firewall to run its network, which offered hackers access to the bank's entire infrastructure, including the SWIFT servers.
Now, researchers from British defense contractor BAE Systems reported Monday that the Bangladesh Bank hackers used a piece of sophisticated, custom-made malware to manipulate logs and erase the history of the fraudulent transactions, which even prevent printers from printing the fraudulent transactions.
The malware also has the capability to intercept and destroy incoming messages confirming the money transfers. These malware capabilities prevented hackers to remain undetected.
"This malware appears to be just part of a wider attack toolkit and would have been used to cover the attackers' tracks as they sent forged payment instructions to make the transfers," security researcher Sergei Shevchenko wrote in a blog post.
When and How Did They Get Detected?The hackers had attempted to steal $951 Million in total from Bangladesh central bank account at the Federal Reserve Bank of New York using fraudulent transactions, but a simple typo (spell error) by hackers halted the further transfers of the $850 Million funds.
The BAE researchers believe the malware used to target Alliance Access, a piece of software that allows banks to connect to the SWIFT network.
According to SWIFT's official website, Alliance Access has more than 2,000 installations worldwide. So even though the SWIFT financial system is used by around 11,000 banks and financial institutions, all of them are not affected by the notorious malware.
"By modifying the local instance of SWIFT Alliance Access software, the malware grants itself the ability to execute database transactions within the victim network," Shevchenko said.
SWIFT To Issue Emergency Security UpdateMeanwhile, Brussels-based SWIFT confirmed to Reuters that the company was aware of the nasty malware used to target its client software and that it would roll out a security software update on Monday to fix the issue, along with a special warning to financial institutions.
SWIFT Spokeswoman Natasha Deteran said the software update was intended "to assist customers in enhancing their security and to spot inconsistencies in their local database records."