A series of spectacular cyberattacks against banks, resulting in the theft of tens of millions of dollars, has heightened fears for an industry becoming an increasingly attractive target for hackers.
Banks in Bangladesh, the Philippines, Vietnam and Ecuador have been victimized over the past year in the attacks on the Society for Worldwide Interbank Financial Telecommunication (SWIFT), and some analysts expect more attacks to become public.
After news of the US$81 million heist from Bangladesh’s central bank became public in May, SWIFT said the incident was “not a single occurrence, but part of a wider and highly adaptive campaign targeting banks.”
Since then, officials said banks have also been hit in the Philippines and Vietnam.
Meanwhile, Ecuador’s Banco del Austro claimed in a lawsuit that hackers made off with more than US$9 million through fraudulent SWIFT transfer requests.
Cybersecurity specialists say these attacks are likely just the tip of the iceberg and expect more revelations.
“Cybercriminals are no longer targeting grandmothers at home for small amounts, but going directly where the money is,” said Juan Andres Guerrero-Saade, a researcher with the security firm Kaspersky Lab.
Guerrero-Saade said it is not clear where the attacks are coming from, but that the hackers are using techniques similar to those developed for cyberespionage.
“I don’t think this implies it’s nation-states, it’s more of an evolution,” the analyst said. “It’s criminal actors taking on some of those techniques.”
Kaspersky researchers last year uncovered a hacker group that targeted banks in Eastern Europe, estimating losses totaling up to US$1 billion.
Dan Guido, co-founder of the security firm Trail of Bits and hacker-in-residence at New York University’s engineering school, said the recent security breaches are not surprising.
“I didn’t think it would take this long,” Guido said. “There are a large number of attacks like this possible if someone has the resources to do it.”
Guido said a relatively small team of determined hackers could carry out the kind of hacks that went through SWIFT, a Brussels-based network which is used by more than 11,000 financial institutions in 200 countries.
The blame, Guido said, rests squarely with SWIFT for failing to bolster its software or require more secure hardware.
“It’s clearly within their control to have prevented incidents like this,” Guido said.
“They could have had more aggressive security requirements, they could have had protective hardware,” he said.
On July 11, SWIFT announced it had hired cybersecurity firms BAE Systems PLC and Fox-IT while creating its own security intelligence team in an effort to thwart attacks.
In the US, concerns have been raised among officials, industry leaders and lawmakers about potential threats to banks from hackers.
Data breaches in the past affected tens of millions of JPMorgan Chase & Co customers, and accounts from financial giant Morgan Stanley.
A congressional report last month found “major data breaches” at the Federal Deposit Insurance Corp.
The American Bankers Association this month joined with other financial and security organizations to warn of possible risks.
“While recent events targeted national financial institutions with access to a global payment network, financial institutions should assess the risk of all critical systems to ensure appropriate controls are in place,” the warning said, calling for a series of new controls and safeguards against cyberattacks.
Christiaan Beek of Intel Corp’s McAfee Labs said the hackers that targeted SWIFT were well-organized and resourceful.
“We can see that the attackers have done their reconnaissance properly and may have used an insider to get the details they needed to prepare their attack,” Beek said in a blog post.
“The attackers have a very good understanding of the SWIFT messaging system and how to manipulate the system to prevent the detection of their fraudulent attempts of transferring the money,” he said.
Researchers at the security firm Symantec concluded that malware used in the bank hacks shared code with that used in the massive 2014 cyberattack against Sony Pictures Entertainment Inc.
Guido said it is entirely plausible that US banks could face similar attacks.
“I don’t see why it can’t happen here,” he said. “There are a lot of smaller banks that don’t have expertise and guidance to protect their interconnections.”
Guerrero-Saade said a key part of staying ahead of hackers is sharing information about threats to enable security solutions, since many companies fear disclosure would hurt their business.
“Sadly most companies don’t tend to be very forward-looking, they think that if they don’t sound the bell themselves no one will find out,” he said.
“It’s much better for us to get ahead of this as an international community,” he added.
Taiwan Semiconductor Manufacturing Co (TSMC, 台積電), the world’s largest contract chipmaker, yesterday said its materials management head, Vanessa Lee (李文如), had tendered her resignation for personal reasons. The personnel adjustment takes effect tomorrow, TSMC said in a statement. The latest development came one month after Lee reportedly took leave from the middle of last month. Cliff Hou (侯永清), senior vice president and deputy cochief operating officer, is to concurrently take on the role of head of the materials management division, which has been under his supervision, TSMC said. Lee, who joined TSMC in 2022, was appointed senior director of materials management and
Gudeng Precision Industrial Co (家登精密), the sole extreme ultraviolet pod supplier to Taiwan Semiconductor Manufacturing Co (台積電), yesterday said it has trimmed its revenue growth target for this year as US tariffs are likely to depress customer demand and weigh on the whole supply chain. Gudeng’s remarks came after the US on Monday notified 14 countries, including Japan and South Korea, of new tariff rates that are set to take effect on Aug. 1. Taiwan is still negotiating for a rate lower than the 32 percent “reciprocal” tariffs announced by the US in April, which it later postponed to today. The
MAJOR CONTRIBUTOR: Revenue from AI servers made up more than 50 percent of Wistron’s total server revenue in the second quarter, the company said Wistron Corp (緯創) on Tuesday reported a 135.6 percent year-on-year surge in revenue for last month, driven by strong demand for artificial intelligence (AI) servers, with the momentum expected to extend into the third quarter. Revenue last month reached NT$209.18 billion (US$7.2 billion), a record high for June, bringing second-quarter revenue to NT$551.29 billion, a 129.47 percent annual increase, the company said. Revenue in the first half of the year totaled NT$897.77 billion, up 87.36 percent from a year earlier and also a record high for the period, it said. The company remains cautiously optimistic about AI server shipments in the third quarter,
Nvidia Corp CEO Jensen Huang (黃仁勳) on Thursday met with US President Donald Trump at the White House, days before a planned trip to China by the head of the world’s most valuable chipmaker, people familiar with the matter said. Details of what the two men discussed were not immediately available, and the people familiar with the meeting declined to elaborate on the agenda. Spokespeople for the White House had no immediate comment. Nvidia declined to comment. Nvidia’s CEO has been vocal about the need for US companies to access the world’s largest semiconductor market and is a frequent visitor to China.
RSS