A bank in Ukraine loses $10 million in a latest cyber attack which was done by exploiting the vulnerability in the bank communication network. Hackers break into the Ukranian bank internal system and submit fraud money via SWIFT(the messaging system responsible for carrying out money transfers between financial institutions worldwide.)
The Ukrainian theft is similar to a February cyber-attack in which hackers managed to steal millions of dollars from the central bank of Bangladesh. In that attack, the cyber attackers used stolen operator credentials to submit 35 fraudulent SWIFT transfer requests totalling $951 million. Five of the requests passed, and the criminals made off with $81 million funnelled through a web of offshore companies. In a statement, SWIFT said that “the attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks – knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both.”
The Ukrainian theft is similar to a February cyber-attack in which hackers managed to steal millions of dollars from the central bank of Bangladesh. In that attack, the cyber attackers used stolen operator credentials to submit 35 fraudulent SWIFT transfer requests totalling $951 million. Five of the requests passed, and the criminals made off with $81 million funnelled through a web of offshore companies. In a statement, SWIFT said that “the attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks – knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both.”
Banks in Ecuador and Vietnam also report similar cyber-attacks, suggesting that SWIFT-based threats to financial institutions may be on the rise.
News of the Ukrainian attack comes just weeks after the Federal Financial Institutions Examination Council (FFIEC) issued a statement reminding U.S. banks of the need to “actively manage the risks associated with interbank messaging and wholesale payment networks.” The FFIEC recommends that banks take the following multi-step approach to warding off SWIFT and other message-based attacks: Conduct ongoing information security risk assessments.
- Perform security monitoring, prevention, and risk mitigation.
- Protect against unauthorized access.
- Implement and test controls around critical systems regularly.
- Manage business continuity risk.
- Enhance information security awareness and training programs.
- Participate in industry information-sharing forums.
what was the date of the event this all unfolded
ReplyDelete