
$10 million stolen from Ukrainian bank: new attack by SWIFT hackers


Photo: Carlo Allegri / Reuters

The Kiev branch of the international association Information Systems Audit and Control Association (ISACA), which unites professionals in IT audit, consulting, management and information security, reported the theft of $10 million from a Ukrainian bank. The name of the bank from which the funds were withdrawn has not been disclosed, but it is known that the hackers were able to manipulate messages of the SWIFT interbank information platform. And this is not the first such attack.

Brief history of SWIFT hacks


The attack on the financial institution was carried out through the payment system. SWIFT is an international interbank information transfer and payment system that was founded in 1973. An attack on Ukrainian banks through this system is not an isolated case. SWIFT has recently been subjected to repeated hacker attacks.

Through it, a hacker previously managed to steal $81 million from a bank in Bangladesh. The attack on the Central Bank of Bangladesh is considered one of the most notorious cybercrimes. We wrote about this story earlier.

Banco del Austro in Ecuador was also attacked following a similar pattern, and $9 million was stolen as a result of that cyber attack. In addition, the media received information about an unsuccessful attack on Tien Phong Bank in Vietnam. According to Symantec experts, the hacker group Lazarus could be behind the attacks described above. You can read more about the Lazarus group, and about who is probably behind it, in the previously published material.

How the hack works


The attackers follow the same scenario each time. After penetrating the bank, the hackers study its operations for several months, carefully examining the internal processes. Then they use the privileges of legitimate users to make payments through the international interbank payment system SWIFT. The hackers are able to read transactions and send their own forged ones instead.

To keep the fake transactions out of the logs, a service started by the hackers monitors incoming messages and deletes the responses to these transactions from the database. In addition, the PCL files sent through the process responsible for printing the logs on a laser printer are modified: before printing, the transaction information is deleted from them, and after printing, it is overwritten with zeros.
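A defender-side check for the log tampering described above, as an added example that is not from the original article: it looks for holes in the numbering of the local message log and reconciles that log against a record held outside the compromised host. The record layout, the field names, the shared sequence numbering and all sample data are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Msg:
    seq: int         # assumed: number assigned to each message in arrival order
    ref: str         # transaction reference
    kind: str        # "payment" or "confirmation"
    amount: int = 0  # whole US dollars

def sequence_gaps(local):
    """Sequence numbers absent between the first and last local record.
    A row deleted from the database leaves a hole here."""
    present = {m.seq for m in local}
    if not present:
        return []
    return [n for n in range(min(present), max(present) + 1) if n not in present]

def unmatched(local, statement):
    """Statement entries (ref, amount) with no matching local payment record."""
    known = {(m.ref, m.amount) for m in local if m.kind == "payment"}
    return sorted(e for e in statement if e not in known)

def reconcile(local, statement):
    """Combine both checks into one verdict for the reviewed period."""
    gaps = sequence_gaps(local)
    missing = unmatched(local, statement)
    return {"gaps": gaps, "unmatched": missing, "suspicious": bool(gaps or missing)}

# Constructed sample data: record 103 and payment REF-C are gone from the local log.
LOCAL_LOG = [
    Msg(100, "REF-A", "payment", 12_000),
    Msg(101, "REF-A", "confirmation"),
    Msg(102, "REF-B", "payment", 4_500),
    Msg(104, "REF-B", "confirmation"),
]
# Constructed statement obtained from the correspondent bank over a separate channel.
STATEMENT = [("REF-A", 12_000), ("REF-B", 4_500), ("REF-C", 900_000)]

if __name__ == "__main__":
    print(reconcile(LOCAL_LOG, STATEMENT))
```

The gap check alone misses deletions at the very end of the log, so the comparison against a record the attacker cannot alter from the compromised host is the stronger signal.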

What security experts say


“At the moment, dozens of banks have been compromised, from which hundreds of millions of dollars have been stolen. Banks located in Russia and Ukraine are mainly at risk,” ISACA experts comment on the incident.
The organization believes that hackers have already managed to penetrate the majority of Ukrainian banks. At the moment, the attackers are studying business processes and preparing for further large-scale fraudulent operations.

According to the president of the Kiev branch of ISACA, Alexey Yankovsky, banks are extremely afraid of publicity and are therefore very reluctant to share this kind of information with the media. According to him, preventing attacks at the state level requires creating an information exchange center where participants could share information and jointly plan how to repel future attacks.

Experts at the research company FireEye urge all financial institutions connected to SWIFT not to ignore the increase in attacks and to take measures to strengthen their own security, for example by conducting independent security audits more often.

SWIFT Reaction


The SWIFT financial transfer system itself has also developed numerous measures to improve security. However, introducing these measures is costly, and success depends entirely on the participation of all stakeholders in and around the industry. “Only by the joint efforts of all representatives of the industry will it be possible to achieve results,” emphasizes Gottfried Leibbrandt, General Director of SWIFT, in his statements.

Financial companies are also developing various means of protection on their own, since they have to deal not only with the consequences of hacks but also with ordinary errors in IT systems. For example, errors in the operation of stock exchange systems can lead to incorrect display of trade data or incorrect calculation of the collateral required to hold a position (an error can even lead to a premature closing of the transaction).

In order to minimize possible damage, brokerage companies are developing various systems to protect customers. How this protection is implemented in the ITinvest MatriX trading system can be found here.



Source: https://habr.com/ru/post/305390/

