A new robbery was discovered through the SWIFT system. Bangladesh's central bank appears to be part of a widespread cyberattack on the global banking and financial sector by hackers who have obtained access on the backbone of the global financial system, SWIFT.
It's the global banking system that uses thousands of banks and businesses around the world to carry billions of dollars every day. So this system is under attack.
This has revealed the third case concerning the SWIFT breach. The scammers managed to steal about 12 million dollars from the bank of Ecuador. The analysis of the attack revealed many similarities with the attack on Bangladesh's central bank, which lost 81 to millions of dollars.
The attack on Banco del Austro (BDA) in Ecuador occurred in January 2015 and, according to a lawsuit filed by BDA against Wells Fargo, a bank based in San Francisco on January 28, according to Reuters.
How they breach the banks:
First, they use malicious software to bypass the local security systems of a bank.
then access the SWIFT messaging network,
and they send fakes messages through the messaging network to arrange cash transfers from accounts in larger banks.
So over ten days, hackers used SWIFT credentials from a bank employee to modify transaction details for at least 12 transfers.fundamentals, 12 million, which were transferred to accounts in Hong Kong, Dubai, New York and Los Angeles.
In the BDA's lawsuit, Wells Fargo considers Wells Fargo responsible for not identifying illegal transactions and asks Wells Fargo to repay the full amount stolen from the bank.
The lawsuit was filed by the BDA in a New York federal court and states that some of these attacks could have been avoided if banks had shared more details about the attacks through the SWIFT system.
Read: Cyber Security, secrecy and responsibility
Wells Fargo, on the other hand, retaliated by blaming the BDA for its robbery information security policies and procedures, noting that "all instructions received via SWIFT-certified messages are being properly processed," according to court documents.
According to reports, robbery has remained secret for a long time and was revealed when the BDA decided to sue Wells Fargo who approved fraudulent transfers.
SWIFT had no idea about the breach: "We did not know," SWIFT said in a statement.
It turns out that the security of SWIFT was not violated in the attack, but that the criminals used advanced malware to steal the credentials of the bank's employees and cover their traces.