The Cyber Security Threat Landscape
Unless you have been living under a rock for the last few years you most certainly have been struck in awe by the overwhelming impact of cyber security breaches in major organizations making the headline news.
The cyber threat is a fast growing and rapidly evolving complex phenomenon, which has caused the unauthorized disclosure of a trove of personal and confidential information, billions of dollars in financial losses and the firing of a good number of CEOs and corporate executives across the retail, financial and health industries.
Cyber security is indeed the most pervasive risk issue faced by organizations worldwide today.
With the current economic challenges being faced in the country coupled with austerity measures in place, while recognizing the importance of the need to jumpstart the growth of our socio economic base to sustain our national development, we can only begin to imagine the catastrophic impact of a cyber security breach to any of our banking institutions.
Would we be able to survive such a huge setback and are our banks prepared to detect and prevent attacks on the privacy and confidentiality of personal and financial data?
These are some of the questions senior executives and boards of directors across the banking, brokerage and financial sectors need to start asking themselves now.
Earlier this year cybercriminals ‘broke’ into the Central Bank of Bangladesh and made away with $81 million after compromising the bank’s SWIFT network.
SWIFT is an acronym for the Society for the Worldwide Interbank Financial Telecommunication, an organization founded in Brussels in 1973 and serves as a platform for global financial transactions between member banks worldwide.
SWIFT provides messaging and transaction processing services for over 10,000 financial institutions located in 194 countries worldwide.
For businesses and banks that transact and process international wire transfers, SWIFT is the core element through which these transactions are facilitated, by entering SWIFT codes which serve as the identification codes for the banks involved in the transaction.
How the Hack Went Down
We will now do a deep dive into how the bank of Bangladesh lost $81 million; giving you a business and high-level technical overview of how the bad guys were able to perpetrate the theft of such a huge amount of cash that went almost undetected save for a typographic error in the payee details of one of the fraudulent destination accounts.
This was a well thought out, well-strategized plan of attack.
The players involved include the bank of Bangladesh, the US Federal Reserve, RCBC bank in the Philippines, and a money transfer firm in Sri Lanka among others located in the Asia Pacific region.
The chronology of events leading up to the cyber heist is described below.
May 15 2005
The unknown unnamed hackers were able to setup fake destination accounts in a bank in the Philippines putting about $500 in the account that lay dormant for a period up to one year.
Malicious software was installed on the SWIFT terminals in the Bank of Bangladesh SWIFT room.
February 4, 2016
The hackers ordered more than 36 different transactions worth almost a billion dollars, $951 million to be exact, initiated with the SWIFT credentials of an employee from the Bangladesh Central Bank, from the bank’s SWIFT system over the SWIFT network to the Bangladesh foreign reserve account in the US Federal Reserve in New York.
The money was taken out of the bank’s reserve account to be transferred to the destination accounts in RCBC bank in the Philippines and the Shalika Foundation in Sri Lanka among other destination accounts, the details of which are currently unknown.
The Federal Reserve received the orders and executed the transactions up to an amount worth $101 million and only stopped short after a Fed employee noticed a suspicious misspelling in the payee details of the non-profit foundation in Sri Lanka.
The Fed employee became suspicious after noticing the misspelling in the word ‘Fandation’ and started to send enquiries to Bank of Bangladesh to validate the transaction requests. The timing of the attack was also very instrumental as it was planned to coincide with the weekend.
However after noticing this suspicious transaction, it got reversed leaving the $81 million ‘booty’ to slip through; the trail ending cold as the money was credited into multiple accounts in a casino in the Philippines.
This was a very sophisticated hack taking into account the manner in which the criminals were able to pull this off.
Jumping into the high level technical aspects of this cyber heist we realize the methods and tactics involved were designed to prevent the Bangladesh Central Bank from detecting the unauthorized transactions by deleting the print transaction confirmation of debit messages and by installing malicious software on the SWIFT terminal to change the configuration file on the system to disable the payment authorization routine.
Lessons Learned from the Bank of Bangladesh Cyber Heist
- Hackers understands your business
According to some security pundits the attackers were able to create custom malicious software also known as malware, that showcase the work of someone who had a very deep knowledge of how SWIFT works and the underlying business processes to be able to subvert the banks most important business process.
- The bad guys will get into your network and systems
In this case size does not matter. You don’t need to be a big banking institution to think that your operation is insignificant to warrant the interest of an attacker.
Your organization could be used as a pawn in an elaborate scheme to achieve the objectives of a criminal.
Your organization may also be targeted because you make an easy prey because of lax security controls, policies and practices.
- The business model of cyber crime is rapidly evolving
The monetization of cyber crime is rapidly evolving to become more sophisticated beyond the basic theft of customer card details, stealing customer Internet banking login information and ATM card skimming.
Criminals are getting smarter, looking for more profitable ways of ‘doing business’.
This can be seen in the current emerging trend of ransomware attacks and in this very audacious attempt to hit the heart of the global financial transaction system to steal close to a billion dollars.
- Your people are your greatest strength and weakness
Your employees are either a priceless asset to your organization or a criminal’s best friend. Well trained and security conscious employees are able to detect and prevent any suspicious events that can lead to financial loss.
However untrained staff will be easy target to phishing scams, which is an area cyber criminals are leveraging repeatedly to gain unauthorized access into organization’s networks.
In this very real sense your employees are your first line of defense; equip them properly with the training, and support they need to recognize potential attacks and report them to the security team and this popular attack avenue is significantly reduced.
Cyber security should be viewed as a strategic business risk. Organizations have to come up with risk mitigation strategies that will involve steps to reduce damage to their most critical assets.
Senior executives and boards of directors need to turn a critical eye to cyber security threats, establish security best practices such as compliance to PCI DSS regulatory requirements and invest in risk mitigation measure to protect organization assets.
In this very real sense your employees are your first line of defense; equip them properly with the training, equipment and support they need to recognize potential attacks.
SWIFT was also reportedly breached again in June of this year as hackers made away with $10 million from a Ukrainian bank, while incidents an Vietnam and Ecuador have also come to light in recent times.
In today’s cyber security threat landscape it is no longer a question of if you will get hacked but when; and when you do, will you be ready to detect and respond effectively?
Edem Glymin is the lead cyber security and risk consultant for Global Secure Solutions.
He is currently working on an MSSP project in the Middle East as a cyber threat and incident response specialist.
You can send your comments to [email protected]