The cybercriminals who performed the Bangladesh bank hacking attack might just be more masterful than it initially appeared!
Not only they stole more than $80 Million from the Bangladesh Central Bank but they also developed a malware that could hit the SWIFT system used for international payments worldwide. This was announced by the BAE Systems’ security researchers. It looks like SWIFT is aware of the malware threat, as they confirmed it to Reuters. The measures the organization is taking in order to protect the payment system from attacks include an update of the SWIFT software and a special warning sent to various financial institutions.
A malware named evtdiag.exe was used by the hackers. This malicious code enabled them to access and change records on SWIFT databases in order to hide their intentions. With the help of evtdiag.exe, the attackers could perform various actions on the SWIFT system such as delete records of transfer requests or intercept messages about payments. They could also manipulate the account balances displayed in order to cover their tracks.
According to security researchers, this malicious software was specifically created to attack the Bangladesh Central bank, but it could be applied to other systems as well. This recent attack is considered among security experts as one of the most elaborate malware hacks ever.
Until now, the Bangladesh bank hack case appeared to be like an amusing comedy full of amateur errors. A simple misspell of “foundation” with “fandation” that was noticed by Deutsche Bank, helped to detect the hack and broke the cybercriminals’ plans down. Despite that, they still managed to withdraw more than $80 million before the malware break was revealed.
Just a few days ago, the analysis of the hack showed that the major vulnerability of the Bangladesh Central Bank were the $10 second-hand network switches without a firewall. These switches were used to link the computers, who were connected to the SWIFT global payment system. Through them, the hackers had the possibility to gain access to the required information and perform direct transfers to their own accounts.
The malware break to SWIFT is considered a direct attack right into the heart of the global financial system.
The new evidence from the analysis suggests that the attackers actually targeted not the entire SWIFT system, but a very specific piece of software named Alliance Access. Therefore, despite that SWIFT payments are used by a large number of financial institutions and banks worldwide, not all of them are affected by the malware. SWIFT’s spokeswoman Natasha Deteran made it clear that the malware has not affected SWIFT’s network or the core messaging services of the global payment system.
However, this break is considered a direct attack right into the heart of the global financial system and shows that SWIFT could be more vulnerable than previously thought.One is for sure, there are still many questions related to this case that are yet to be discovered and additional updates will follow up.