A series of spectacular cyberattacks against banks, resulting in the theft of tens of millions of dollars, has heightened fears for an industry becoming an increasingly attractive target for hackers.
Banks in Bangladesh, the Philippines, Vietnam and Ecuador have been victimized over the past year in the attacks on the Society for Worldwide Interbank Financial Telecommunication (SWIFT), and some analysts expect more attacks to become public.
After news of the US$81 million heist from Bangladesh’s central bank became public in May, SWIFT said the incident was “not a single occurrence, but part of a wider and highly adaptive campaign targeting banks.”
Since then, officials said banks have also been hit in the Philippines and Vietnam.
Meanwhile, Ecuador’s Banco del Austro claimed in a lawsuit that hackers made off with more than US$9 million through fraudulent SWIFT transfer requests.
Cybersecurity specialists say these attacks are likely just the tip of the iceberg and expect more revelations.
“Cybercriminals are no longer targeting grandmothers at home for small amounts, but going directly where the money is,” said Juan Andres Guerrero-Saade, a researcher with the security firm Kaspersky Lab.
Guerrero-Saade said it is not clear where the attacks are coming from, but that the hackers are using techniques similar to those developed for cyberespionage.
“I don’t think this implies it’s nation-states, it’s more of an evolution,” the analyst said. “It’s criminal actors taking on some of those techniques.”
Kaspersky researchers last year uncovered a hacker group that targeted banks in Eastern Europe, estimating losses totaling up to US$1 billion.
Dan Guido, co-founder of the security firm Trail of Bits and hacker-in-residence at New York University’s engineering school, said the recent security breaches are not surprising.
“I didn’t think it would take this long,” Guido said. “There are a large number of attacks like this possible if someone has the resources to do it.”
Guido said a relatively small team of determined hackers could carry out the kind of hacks that went through SWIFT, a Brussels-based network which is used by more than 11,000 financial institutions in 200 countries.
The blame, Guido said, rests squarely with SWIFT for failing to bolster its software or require more secure hardware.
“It’s clearly within their control to have prevented incidents like this,” Guido said.
“They could have had more aggressive security requirements, they could have had protective hardware,” he said.
On July 11, SWIFT announced it had hired cybersecurity firms BAE Systems PLC and Fox-IT while creating its own security intelligence team in an effort to thwart attacks.
In the US, concerns have been raised among officials, industry leaders and lawmakers about potential threats to banks from hackers.
Data breaches in the past affected tens of millions of JPMorgan Chase & Co customers, and accounts from financial giant Morgan Stanley.
A congressional report last month found “major data breaches” at the Federal Deposit Insurance Corp.
The American Bankers Association this month joined with other financial and security organizations to warn of possible risks.
“While recent events targeted national financial institutions with access to a global payment network, financial institutions should assess the risk of all critical systems to ensure appropriate controls are in place,” the warning said, calling for a series of new controls and safeguards against cyberattacks.
Christiaan Beek of Intel Corp’s McAfee Labs said the hackers that targeted SWIFT were well-organized and resourceful.
“We can see that the attackers have done their reconnaissance properly and may have used an insider to get the details they needed to prepare their attack,” Beek said in a blog post.
“The attackers have a very good understanding of the SWIFT messaging system and how to manipulate the system to prevent the detection of their fraudulent attempts of transferring the money,” he said.
Researchers at the security firm Symantec concluded that malware used in the bank hacks shared code with that used in the massive 2014 cyberattack against Sony Pictures Entertainment Inc.
Guido said it is entirely plausible that US banks could face similar attacks.
“I don’t see why it can’t happen here,” he said. “There are a lot of smaller banks that don’t have expertise and guidance to protect their interconnections.”
Guerrero-Saade said a key part of staying ahead of hackers is sharing information about threats to enable security solutions, since many companies fear disclosure would hurt their business.
“Sadly most companies don’t tend to be very forward-looking, they think that if they don’t sound the bell themselves no one will find out,” he said.
“It’s much better for us to get ahead of this as an international community,” he added.
ISSUES: Gogoro has been struggling with ballooning losses and was recently embroiled in alleged subsidy fraud, using Chinese-made components instead of locally made parts Gogoro Inc (睿能創意), the nation’s biggest electric scooter maker, yesterday said that its chairman and CEO Horace Luke (陸學森) has resigned amid chronic losses and probes into the company’s alleged involvement in subsidy fraud. The board of directors nominated Reuntex Group (潤泰集團) general counsel Tamon Tseng (曾夢達) as the company’s new chairman, Gogoro said in a statement. Ruentex is Gogoro’s biggest stakeholder. Gogoro Taiwan general manager Henry Chiang (姜家煒) is to serve as acting CEO during the interim period, the statement said. Luke’s departure came as a bombshell yesterday. As a company founder, he has played a key role in pushing for the
China has claimed a breakthrough in developing homegrown chipmaking equipment, an important step in overcoming US sanctions designed to thwart Beijing’s semiconductor goals. State-linked organizations are advised to use a new laser-based immersion lithography machine with a resolution of 65 nanometers or better, the Chinese Ministry of Industry and Information Technology (MIIT) said in an announcement this month. Although the note does not specify the supplier, the spec marks a significant step up from the previous most advanced indigenous equipment — developed by Shanghai Micro Electronics Equipment Group Co (SMEE, 上海微電子) — which stood at about 90 nanometers. MIIT’s claimed advances last
EUROPE ON HOLD: Among a flurry of announcements, Intel said it would postpone new factories in Germany and Poland, but remains committed to its US expansion Intel Corp chief executive officer Pat Gelsinger has landed Amazon.com Inc’s Amazon Web Services (AWS) as a customer for the company’s manufacturing business, potentially bringing work to new plants under construction in the US and boosting his efforts to turn around the embattled chipmaker. Intel and AWS are to coinvest in a custom semiconductor for artificial intelligence computing — what is known as a fabric chip — in a “multiyear, multibillion-dollar framework,” Intel said in a statement on Monday. The work would rely on Intel’s 18A process, an advanced chipmaking technology. Intel shares rose more than 8 percent in late trading after the
GLOBAL ECONOMY: Policymakers have a choice of a small 25 basis-point cut or a bold cut of 50 basis points, which would help the labor market, but might reignite inflation The US Federal Reserve is gearing up to announce its first interest rate cut in more than four years on Wednesday, with policymakers expected to debate how big a move to make less than two months before the US presidential election. Senior officials at the US central bank including Fed Chairman Jerome Powell have in recent weeks indicated that a rate cut is coming this month, as inflation eases toward the bank’s long-term target of two percent, and the labor market continues to cool. The Fed, which has a dual mandate from the US Congress to act independently to ensure