Mon, Jul 25, 2016 - Page 15 News List

Hacks raise fears for financial sector

FAMILIAR:Security firm Symantec said that the malware used in bank hacks shared code with that used in 2014’s cyberattack against Sony Pictures Entertainment Inc


A series of spectacular cyberattacks against banks, resulting in the theft of tens of millions of dollars, has heightened fears for an industry becoming an increasingly attractive target for hackers.

Banks in Bangladesh, the Philippines, Vietnam and Ecuador have been victimized over the past year in the attacks on the Society for Worldwide Interbank Financial Telecommunication (SWIFT), and some analysts expect more attacks to become public.

After news of the US$81 million heist from Bangladesh’s central bank became public in May, SWIFT said the incident was “not a single occurrence, but part of a wider and highly adaptive campaign targeting banks.”

Since then, officials said banks have also been hit in the Philippines and Vietnam.

Meanwhile, Ecuador’s Banco del Austro claimed in a lawsuit that hackers made off with more than US$9 million through fraudulent SWIFT transfer requests.

Cybersecurity specialists say these attacks are likely just the tip of the iceberg and expect more revelations.

“Cybercriminals are no longer targeting grandmothers at home for small amounts, but going directly where the money is,” said Juan Andres Guerrero-Saade, a researcher with the security firm Kaspersky Lab.

Guerrero-Saade said it is not clear where the attacks are coming from, but that the hackers are using techniques similar to those developed for cyberespionage.

“I don’t think this implies it’s nation-states, it’s more of an evolution,” the analyst said. “It’s criminal actors taking on some of those techniques.”

Kaspersky researchers last year uncovered a hacker group that targeted banks in Eastern Europe, estimating losses totaling up to US$1 billion.

Dan Guido, co-founder of the security firm Trail of Bits and hacker-in-residence at New York University’s engineering school, said the recent security breaches are not surprising.

“I didn’t think it would take this long,” Guido said. “There are a large number of attacks like this possible if someone has the resources to do it.”

Guido said a relatively small team of determined hackers could carry out the kind of hacks that went through SWIFT, a Brussels-based network which is used by more than 11,000 financial institutions in 200 countries.

The blame, Guido said, rests squarely with SWIFT for failing to bolster its software or require more secure hardware.

“It’s clearly within their control to have prevented incidents like this,” Guido said.

“They could have had more aggressive security requirements, they could have had protective hardware,” he said.

On July 11, SWIFT announced it had hired cybersecurity firms BAE Systems PLC and Fox-IT while creating its own security intelligence team in an effort to thwart attacks.

In the US, concerns have been raised among officials, industry leaders and lawmakers about potential threats to banks from hackers.

Data breaches in the past affected tens of millions of JPMorgan Chase & Co customers, and accounts from financial giant Morgan Stanley.

A congressional report last month found “major data breaches” at the Federal Deposit Insurance Corp.

The American Bankers Association this month joined with other financial and security organizations to warn of possible risks.

“While recent events targeted national financial institutions with access to a global payment network, financial institutions should assess the risk of all critical systems to ensure appropriate controls are in place,” the warning said, calling for a series of new controls and safeguards against cyberattacks.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top