According to SWIFT, the messaging system connecting the world’s financial institutions, the global banking system is still under attack as it identified new hacks that targeted its members, urging them to increase security measures. SWIFT did not name the banks affected.
The cyber attacks were seen in Bangladesh, Vietnam, the Philippines and Ecuador as hackers use malware to go around local security systems that can allow them to steal money.
“Customers’ environments have been compromised, and subsequent attempts (were) made to send fraudulent payment instructions,” according to a copy of the letter reviewed by Reuters.
$101 million was stolen in the attack against the central bank of Bangladesh, and the Banco del Austro in Ecuador had $12 million stolen from its system.
SWIFT has been urging banks to protect their systems against the “persistent, adaptive and sophisticated” attacks that use similar methods to hack into the banks’ local security systems.
“These weaknesses have been identified and exploited by the attackers, enabling them to compromise the customers’ local environments and input the fraudulent messages,” SWIFT said in a statement.
The company did not disclose how many new attacks they discovered, but it revealed that its network and core messaging services have yet to be compromised by the hacking attacks.
Documented cases reveal that criminals followed the same pattern of malware being used in order to circumvent a bank’s local security systems, hackers gaining access to the SWIFT messaging network and fraudulent messages sent through SWIFT that prompts banks to transfer cash from accounts at larger banks.
In May, SWIFT CEO Gottfried Leibbrandt said that more attacks may have occurred.
“The Bangladesh fraud is not an isolated incident: we are aware of at least two, but possibly more, other cases where fraudsters used the same modus operandi, albeit without the spectacular amounts,” he said.
According to Leibbrandt, the way the hackers carried out the attacks were much more serious than a normal data breach or stealing the banks’ customer information. He said that losing control over payment channels could actually bring down a bank.
“In the recent cases, thieves were able to move just some of those banks’ overseas assets,” he said. “As a result, for the banks concerned, the events haven’t been existential. The point is that they could have been.”
The financial messaging company said that it was taking the necessary steps in order to secure client banks, which includes the sharing of information, support of security audits, and the introduction of more stringent requirements for local bank computer networks.
SWIFT warned banks that non-compliance of bank partners failing to install the latest version of its software could be cause to report them to regulators if not installed by the deadline of November 19.
The group of hackers called “Lazarus” is deemed responsible for the attacks according to cybersecurity researchers. U.S. law enforcers in May said that the attackers could be linked to North Korea.