SWIFT, the global messaging system used to move trillions of dollars each day, warned banks on Wednesday that the threat of digital heists is on the rise as hackers use increasingly sophisticated tools and techniques to launch new attacks.
Brussels-based SWIFT has been urging banks to bolster security of computers used to transfer money since Bangladesh Bank lost $81 million in a February 2016 cyber heist that targeted central bank computers used to move funds. The new warning provided detail on some new techniques being used by the hackers.
“Adversaries have advanced their knowledge,” SWIFT said in a 16-page report co-written with BAE Systems Plc’s cyber security division. “No system can be assumed to be totally infallible, or immune to attack.”
SWIFT has declined to disclose the number of attacks, identify victims or say how much money has been stolen. Still, details on some cases have become public.
Taiwan’s Central News Agency last month reported that Far Eastern International Bank lost $500,000 in a cyber heist. BAE later said that attack was launched by a North Korean hacking group known as Lazarus, which many cyber-security firms believe was behind the Bangladesh case.
Nepal’s NIC Asia Bank lost $580,000 in a cyber heist, two Nepali officials told Reuters earlier this month.
The new report described an attack on an unidentified bank. Hackers spent several months inside the network of one customer, preparing for the eventual attack by stealing user credentials and monitoring the bank’s operations using software that recorded computer keystrokes and screenshots, the report said.
When they launched the attack in the middle of the night, the hackers installed additional malware that let them modify messaging software so they could bypass protocols for confirming the identity of the computer’s operator, according to the report.
The hackers then ordered payments sent to banks in other countries by copying pre-formatted payment requests into the messaging software, according to the report.
After the hackers ended the three-hour operation, they sought to hide their tracks by deleting records of their activity. They also tried to distract the bank’s security team by infecting dozens of other computers with ransomware that locked documents with an encryption key, the report said.
While SWIFT did not say how much money was taken, it said the bank quickly identified the fraudulent payments and arranged for the stolen funds to be frozen.