The Financial Supervisory Commission (FSC) on Thursday shed further light on information security shortcomings at Far Eastern International Bank (遠東商銀) that led to what could have been a US$60 million cyberheist.
The lender’s systems were breached because it did not complete required standard operating procedures, the commission said, citing findings from a preliminary investigation shortly after the hack was reported.
The bank had failed to abide by the principle of least privilege, a fundamental concept in information security entailing that user accounts should be given the minimum level of clearance to perform the tasks that they have been assigned.
Instead, the bank’s system administrators granted more “superuser” accounts than necessary out of day-to-day convenience, the commission said.
That made it easier for hackers to compromise the system, as they had more targets to infiltrate to gain high-level access on the system.
In addition, the lender did not have adequate network segmentation for its connection node to the Society for Worldwide Interbank Financial Telecommunication (SWIFT) messaging system, which is used by financial institutions to send and receive financial transaction information across the globe.
While guidelines required network segmentation for both workstation computers and servers, the bank had only fulfilled the requirement for its workstations, the commission said.
In the absence of network segmentation, the hackers were able to distract the bank with attacks on its system’s running services — such as online banking, ATMs and credit cards — while their intended target was the lender’s connection to the SWIFT system, the commission said, adding that lapses in internal control measures, such as transaction approvals, also slowed detection of the cyberattack.
Criminal Investigation Bureau section chief Chiu Shao-chou (邱紹洲) yesterday told a news conference in Taipei that Sri Lankan police arrested two of the five suspects allegedly involved in the cyberheist and that 99.74 percent of the lost money had either been recovered or at least frozen.