SWIFT: Second bank hit by malware attack
NEW YORK (Reuters) - SWIFT, the global financial messaging network that banks use to move billions of dollars every day, warned on Thursday of a second malware attack similar to the one that led to February's $81 million cyber heist at the Bangladesh central bank.
The second case targeted a commercial bank, SWIFT spokeswoman Natasha de Teran said, without naming it. It was not immediately clear how much money, if any, was stolen in the second attack.
While SWIFT had previously warned that the Bangladesh heist was not an isolated incident, and said its core messaging system remained intact, confirmation of a second attack on a bank will likely increase scrutiny on the security of a network that is a linchpin of the global financial system.
SWIFT said in a statement that the attackers exhibited a "deep and sophisticated knowledge of specific operational controls" at targeted banks and may have been aided by "malicious insiders or cyber attacks, or a combination of both."
The organization, a Belgian co-operative owned by member banks and used by 11,000 financial institutions globally, said that forensic experts believe the second case showed that the Bangladesh heist "was not a single occurrence, but part of a wider and highly adaptive campaign targeting banks."
News of a second case comes as authorities in Bangladesh and elsewhere investigate the February cyber theft from the Bangladesh central bank account at the New York Federal Reserve Bank. SWIFT has acknowledged that that scheme involved altering SWIFT software to hide evidence of fraudulent transfers, but that the messaging system it controls was not compromised.
In both cases SWIFT said insiders or cyber attackers had succeeded in penetrating the targeted banks' systems, obtaining user credentials and submitting fraudulent SWIFT messages that correspond with transfers of money.
In the second case SWIFT said attackers had also used a kind of malware called a "Trojan PDF reader" to manipu- late PDF reports confirming the messages in order to hide their tracks.
In Frankfurt, SWIFT's chief executive said on Thursday SWIFT's payment network was not hacked in the $81-million heist on the Bangladesh central bank earlier this year, adding it was unlikely to be the last such attack on a bank.
Gottfried Leibbrandt said SWIFT's network, used by firms and institutions across the world to exchange information about financial transactions, had not been violated during the cyber attack, in which funds were stolen from a Bangladesh central bank account at the New York Fed in February.
Security researchers at British defence contractor BAE Systems said last month the hackers had manipulated SWIFT's Alliance Access server software, which banks use to interface with SWIFT's messaging platform, in a bid to cover up the fraudulent transfers they had ordered.
"At the end of the day we weren't breached, it was from our perspective a customer fraud," Leibbrandt said at a financial conference in Frankfurt.
"I don't think it was the first, I don't think it will be the last."
The SWIFT messaging network is used by commercial and central banks including the Fed and the ECB.
SWIFT, a cooperative owned by 3,000 financial institutions, has rejected allegations by officials in Bangladesh that its technicians made the Asian country's central bank more vulnerable to hacking before the heist, one of the biggest ever cyber swindles.
Bangladeshi police and a central bank official told Reuters the SWIFT technicians introduced security loopholes when connecting the messaging network to Bangladesh's first real-time gross settlement (RTGS) system.
Reuters has not been able to independently verify the allegations.
In a letter to users dated May 3, SWIFT told its bank customers that they were responsible for securing computers used to send messages over its network.
Representatives from SWIFT, the Federal Reserve Bank of New York and the Bangladesh Bank met in Basel on Tuesday and promised to cooperate to recover the stolen funds, following weeks of accusations over who is to blame.
Malicious software used in February's $81 million heist at Bangladesh Bank is linked to other cyber attacks, including the high-profile 2014 attack on Sony's Hollywood studio, according to a new report from cyber security firm BAE Systems.
"What initially looked to be an isolated incident at one Asian bank turned out to be part of a wider campaign," BAE's cyber-security team said in the report it plans to release on Friday.
Reuters was not able to independently verify the report from BAE, which last month released the first public analysis of malware used in the attack on Bangladesh Bank. BAE, which is not one of the security firms that Bangladesh Bank hired to help with forensics, said it found the malware on its own by combing through repositories that collect samples of malicious files.