Vietnam: Bank Said They Stopped Cyber Attack via SWIFT Messaging System
Cybercriminals tried to use fake transfer requests to steal more than US$ 1.1 million from a bank in Vietnam, a similar technique to that used to steal millions from the central bank of Bangladesh earlier this year.
Reuters. The bank said in a statement that it noticed the requests in the fourth quarter of last year, made through an outside vendor that connected the bank to the SWIFT global messaging system. TPBank said that they had moved to a system with more security, and that the attack did not impact “the transaction system between the bank and customers in general.”
SWIFT (The Society for Worldwide Interbank Financial Telecommunication), which transfers billions of dollars each day, said in April that they had experienced “a number of recent cyber incidents.” They said that criminals were able to send fake messages after gaining access to valid credentials of those authorized to create and approve messages. SWIFT allows financial institutions to exchange information about transaction details.
The revelations from Vietnam came after a notice from SWIFT on May 13 about a new malware that targeted a PDF reader used by customers. They said that the cybercriminals have a deep and sophisticated knowledge of controls within targeted banks, and have been able to delay the ability of victims to recognize fraud.
UK- based security firm BAE Systems said there were specialized, identical tools like file names and encryption keys that could mean that the attack in Bangladesh had a link to the 2014 attack against Sony Pictures, according to the New York Times. US authorities traced the 2014 attack back to North Korea. Some believe the attack may have been a retaliation from the release of the movie, “The Interview”, which poked fun at the country.