The financial sector under siege from vicious banking malware @ReveeliumBlog
1. The financial sector under siege from vicious banking malware
Cybercriminals have been working hard on this one. In the recent case of the Bangladeshi bank heist, hackers managed to steal $81 million (roughly €71.5 million) before anyone could even blink an eye at what was happening. While all this was happening in February, it took almost one month for details about the malware's modus operandi to be publicly released.
As it turns out, the whole attack was made possible through a combination of the bank's poor security practices and the exploitation of the interbank payment software, SWIFT (Society for Worldwide Interbank Financial Telecommunication). Over 11,000 financial institutions in 209 countries are linked by SWIFT, which is why the news exploded last Monday when SWIFT urged all of its clients to update their software with a newly released security update, unwittingly admitting to the chink in their armor. To bring a little humor to the situation, as Ron Burgundy would say: "Boy, that escalated quickly." This one security breach now stands to threaten more than 11,000 banking organizations.
While the identity of the attackers remains unknown to date, the campaign would have reached exorbitant amounts if it weren't for one tiny slip: a typo. Good thing our hackers were apparently lacking auto-correct. Having misspelled "foundation" as "fandation" while transferring cash from Bangladesh's account at the Federal Reserve Bank of New York to other banks, the mistake prompted a routing bank, Deutsche Bank, to signal the suspicious error. The Bangladesh central bank immediately stopped the transaction, impeding $870 million of other attempted transactions. Close call.
“See no evil, hear no evil, speak no evil” [1]
How did things go so badly south? It's a question experts are still struggling to answer. It is known that the vicious malware was initially inserted into the Bangladeshi bank's SWIFT terminal because of the institution's faulty security. As surprising as it might sound to some of you, the central bank of Bangladesh was lacking a firewall. I'll just let that sink in for a moment. Lacking basic security protection? In an international banking environment? In the words of Austin Powers, "I too like to live dangerously." Without a solid security solution to protect their network against increasingly sophisticated hacks, businesses everywhere don't stand a chance, let alone those dealing with money transactions.
Moving on, the malware identified as "evtdiag.exe", once up and running, started meddling with information in the SWIFT database. Impressively, it also covered its tracks by bypassing the physical safeguards of the bank's system, printing fake transaction confirmations in order to hide the scam from the scammed for as long as possible. The level of diligence the hackers took in preparing this heist is extensive and raises concerns at a global level. It appears the malware was only a part of the entire cyber-attack toolkit, an authentic Advanced Persistent Threat. Using the perfect cover-up, it registered as a service operating within the SWIFT software. This is concrete evidence that hacking is becoming more refined with each target. Custom-made malware for custom-provided security (or in this case, the lack thereof).
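The cover-up described above worked because the bank trusted two views it controlled locally, the SWIFT database and the printed confirmations, both of which the malware could alter. A defender's countermeasure is to reconcile those views against an independent record of what was actually sent. The following is an added example, not code from the original post or from ITrust; it assumes a hypothetical gateway log that records outbound payment messages outside the compromised host, and every record in it is constructed for illustration.

```python
"""
Three-way reconciliation of outbound payment records.

Assumption (hypothetical): an out-of-band gateway log exists that captures
every message actually transmitted, so that tampering with the local
database or with the printed confirmations cannot also rewrite it.
All sample records below are constructed, not real transactions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    ref: str          # message reference
    amount: float     # amount in the sending currency
    beneficiary: str  # beneficiary name as carried in the message


# Constructed sample: what the independent gateway log says was sent.
GATEWAY_LOG = [
    Transfer("TX1001", 250000.00, "ACME Logistics Ltd"),
    Transfer("TX1002", 5000000.00, "Offshore Holdings Corp"),
    Transfer("TX1003", 12000.50, "Blue River Supplies"),
]

# Constructed sample: the local database view after tampering. TX1002 has
# been deleted and the amount of TX1003 has been rewritten.
LOCAL_DB = [
    Transfer("TX1001", 250000.00, "ACME Logistics Ltd"),
    Transfer("TX1003", 1200.50, "Blue River Supplies"),
]

# Constructed sample: confirmations that came out of the printer. TX1002 is
# suppressed and a fabricated confirmation TX1004 has been added.
PRINTED = [
    Transfer("TX1001", 250000.00, "ACME Logistics Ltd"),
    Transfer("TX1003", 12000.50, "Blue River Supplies"),
    Transfer("TX1004", 9000.00, "Bogus Vendor"),
]


def index(records):
    """Map message reference -> record for quick lookup."""
    return {r.ref: r for r in records}


def reconcile(gateway, local_db, printed):
    """
    Compare the local database and the printed confirmations against the
    gateway log. Returns a sorted list of (ref, description) findings:
      - a sent message absent from a local view (hidden transfer)
      - a sent message whose amount or beneficiary differs in a local view
      - a local record with no corresponding sent message (fabrication)
    An empty list means all three sources agree.
    """
    findings = []
    sent_by_ref = index(gateway)
    views = (("local_db", index(local_db)), ("printed", index(printed)))

    # Every message that really went out must appear unchanged everywhere.
    for ref, sent in sent_by_ref.items():
        for name, view in views:
            seen = view.get(ref)
            if seen is None:
                findings.append((ref, f"missing from {name}"))
            elif (seen.amount, seen.beneficiary) != (sent.amount, sent.beneficiary):
                findings.append((
                    ref,
                    f"{name} mismatch: {seen.amount} {seen.beneficiary!r} "
                    f"vs sent {sent.amount} {sent.beneficiary!r}",
                ))

    # Anything in a local view that was never transmitted is suspicious.
    for name, view in views:
        for ref in view.keys() - sent_by_ref.keys():
            findings.append((ref, f"{name} record with no sent message"))

    return sorted(findings)


if __name__ == "__main__":
    for ref, description in reconcile(GATEWAY_LOG, LOCAL_DB, PRINTED):
        print(f"ALERT {ref}: {description}")
```

The check is only as strong as the independence of the gateway log: if the same compromised host writes all three records, the comparison proves nothing, which is why the reference copy should be captured on a separate, hardened system and compared on a schedule short enough that a hidden transfer is noticed before settlement.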
2. Why businesses need to put their money where their mouth is
Although CEOs and CFOs of financial institutions view cybersecurity, in theory, as a high-potential risk, they unfortunately lack the long-term vision needed to achieve full awareness of the topic. According to a PwC study, cybercrime remains an underestimated subject in the FS (Financial Services) environment: 54% of CEOs and 49% of CFOs believe that it is unlikely their organizations will experience a breach.
The Bangladeshi bank scheme could easily be replicated using the same stealthy strategy, experts say. Therefore, all financial institutions running SWIFT or similar software are advised to review their security and ensure that they're not leaving the door wide open for hackers. Simply identifying attacks of this nature and dealing with the consequences later is, quite frankly, not an option anymore.
The financial sector is facing no ordinary challenge here. It needs to put up a powerful front for its customers and reassure them that it has opted for an optimal cyber-defence strategy. Even the smallest of attacks can impact not only bank operations, but also the institutional brand. The scale is now tipping in favor of innovative cybersecurity tools based on Big Data analytics and behavioral models. Recognizing cybercrime as a widespread and aggressive issue, ITrust has developed Reveelium, a solution capable of extracting actionable security insights from huge amounts of data. Much like real-life criminals, hackers leave traces; these traces are barely noticeable, but they're still there. With the help of its machine learning technologies, Reveelium identifies the clues left behind by an advanced persistent threat, clues that would otherwise be lost in the collection of divergent data sources.
[1] Three Wise Monkeys proverb. In the Western world it is often used to refer to a lack of moral responsibility on the part of people who refuse to acknowledge impropriety, looking the other way or feigning ignorance.
Link:
https://www.reveelium.com/en/banking-malware-siege/