In February, $81 Million cyberheist at the Bangladesh central bank was carried out by hacking into SWIFT, the global financial messaging system that thousands of banks and companies around the world use to transfer billions of dollars every day.
However, the hackers behind the cyber heist appear to be part of a comprehensive online attack on global banking and financial infrastructure.
The second attack involving SWIFT targeted a commercial bank, which the company declined to identify. SWIFT also did not immediately clear how much money, if any, was stolen in the attack.
However, SWIFT spokeswoman Natasha de Teran said that the second attack and the Bangladesh bank heist contained numerous similarities and were very likely part of a "wider and highly adaptive campaign targeting banks," the NY Times reported.
The malware involved in the Bangladesh cyber heist was used to manipulate logs and erase the history of the fraudulent transactions, and even prevented printers from printing the fraudulent transactions.
Discover the Hidden Dangers of Third-Party SaaS Apps
Are you aware of the risks associated with third-party app access to your company's SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.RESERVE YOUR SEAT
The malware used in the attack also has the capability to intercept and destroy incoming messages confirming the money transfers, preventing hackers to remain undetected.
SWIFT said in a statement that the attackers clearly exhibited "a deep and sophisticated knowledge of specific operation controls within the targeted banks — knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both."News of a second attack involving SWIFT comes as law enforcement authorities in Bangladesh and elsewhere investigate the February's $81 Million cyberheist at the Bangladesh central bank account at the New York Federal Reserve Bank.
The hackers had attempted to steal $951 Million in total from Bangladesh central bank account using fraudulent transactions, but a simple typo by hackers halted the further transfers of the $850 Million funds.
SWIFT has acknowledged that the scheme involved Bangladesh cyberheist did not harm its core messaging system.
However in both the cases, insiders or hackers had successfully penetrated the targeted banks' systems, pilfering user credentials and submitting fraudulent messages that correspond with money transfers.