Anatomy of a Bank Heist: How The Central Bank of Bangladesh lost $100 million
This month saw one of the largest bank heists in history: cybercriminals got away with $100 million from the Central Bank of Bangladesh by issuing fraudulent transfer requests against the bank's account at the U.S. Federal Reserve. Total losses would have come close to $1 billion, but a typo in one of the requests led officials to freeze the remaining transfers pending verification, and the heist was detected.
While exact details are yet to emerge, attacks of this kind will become increasingly common, and if banks do not update their security processes and maintain their network infrastructure, the success rate of these attacks will only climb. Worse still, if attackers have access to a bank and can manipulate funds, every business that partners with that bank is at risk as well.
How This Bank Heist Was Different
This particular heist was unusual in that the money was moved by way of the U.S. Federal Reserve. As ZDNet reports, malware installed on Bangladesh Bank's computer systems was the likely culprit. It is not yet known whether the intrusion exploited a zero-day vulnerability, and the difference matters. We place a high priority on patching cadence, making it one of the grading pillars of a company's Security Scorecard: a long patching delay makes a company a prime target, because attackers know its vulnerabilities will remain exploitable for a long time before they are patched. If a zero-day was used, however, no patch existed at the time, so patching on its own could not have stopped the initial infection.
Officials believe the malware allowed the attackers to obtain or duplicate the credentials needed to submit payment requests to the Federal Reserve Bank. Fortunately, it was the attackers' own human error that got them caught before they could divert the rest of the money to offshore accounts, most of them in the Philippines: a simple misspelling of the word 'foundation' in one transfer request prompted a closer look and alerted the bank to the hack.
Investigations are still underway, and the Central Bank's governor, Atiur Rahman, has resigned over the incident. The bank has promised to improve its cybersecurity and to prevent this kind of heist in the future. The Federal Reserve Bank has stated that it was not hacked in any way and that the transfers were processed according to legitimate protocols over SWIFT, the global messaging network used by banking institutions.
Our Chief Research Officer, Alex Heid, provided this insight regarding the hack.
“In the case of this particular incident, it seems that the attack was successful due to credential reuse. Attackers had all the data points necessary to authorize a transfer, presumably harvested over a stretch of time from a successful malware infection.
Unfortunately, there is no single line of defense that will immunize an enterprise from a targeted malware attack. Infections will always happen and the factor that determines the potential damage is the time it takes to identify and remediate the incident.
In addition to common antivirus controls that attempt to identify infections, enterprises can make use of threat intelligence services that provide IP addresses of known malware Command and Control (C2) servers. Administrators are able to block these IPs at the firewall level, which can temporarily prevent the malware from transmitting compromised credentials while the infection is cleaned. Our Threatmarket sensors are what allow us to track live malware campaigns, providing companies with access to IP reputation data necessary to identify C2 URLs and infected endpoint IPs.”
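The two controls described in the quote above, matching outbound traffic against a C2 indicator list to find infected endpoints and turning that list into firewall blocks, can be scripted in a few dozen lines. The following is an added example written for this page, not code from SecurityScorecard, Threatmarket, or the incident investigation. The feed format, the firewall log format and the iptables rule syntax are assumptions made for the illustration, and the indicator and log data are constructed from RFC 5737 documentation addresses and RFC 1918 private addresses.

```python
"""Constructed example: match outbound firewall logs against a C2 indicator list.

Nothing here is data from the Bangladesh Bank incident or from any vendor feed;
the indicators use RFC 5737 documentation ranges, and the log format and the
iptables rule syntax are assumptions made for the illustration.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed C2 feed: "indicator,family" lines. Indicators may be a single
# address or a CIDR range, as threat-intel exports commonly mix both.
C2_FEED = """
# indicator,family
203.0.113.10,Dridex
203.0.113.0/24,Dridex
198.51.100.77,TinyBanker
"""

# Constructed outbound firewall log lines (one flow per line, assumed format).
SAMPLE_LOGS = """
2016-03-10T09:12:01Z fw01 ALLOW src=10.20.5.14 dst=203.0.113.10 dport=443 proto=tcp
2016-03-10T09:12:05Z fw01 ALLOW src=10.20.5.14 dst=192.0.2.5 dport=443 proto=tcp
2016-03-10T09:13:40Z fw01 ALLOW src=10.20.7.2 dst=198.51.100.77 dport=8080 proto=tcp
2016-03-10T09:14:02Z fw01 ALLOW src=10.20.9.31 dst=203.0.113.200 dport=80 proto=tcp
2016-03-10T09:15:10Z fw01 DENY src=10.20.5.14 dst=203.0.113.10 dport=443 proto=tcp
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\S+)$"
)


def load_feed(text):
    """Parse the feed into (ip_network, family) pairs; single IPs become /32."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        indicator, family = (part.strip() for part in line.split(",", 1))
        entries.append((ipaddress.ip_network(indicator, strict=False), family))
    return entries


def lookup(ip, feed):
    """Return the family of the most specific indicator containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, family in feed:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, family)
    return best[1] if best else None


def find_infected(logs, feed):
    """Map each internal source IP that contacted a C2 indicator to its hits.

    DENY lines are kept as well: once a block rule is in place they show the
    host is still beaconing, i.e. the infection still has to be cleaned.
    """
    hits = defaultdict(list)
    for line in logs.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        family = lookup(m["dst"], feed)
        if family is not None:
            hits[m["src"]].append(
                {"ts": m["ts"], "dst": m["dst"], "dport": int(m["dport"]),
                 "family": family, "action": m["action"]}
            )
    return dict(hits)


def block_rules(feed, chain="FORWARD"):
    """Emit one iptables DROP rule per indicator, collapsing overlapping ranges.

    Assumed iptables syntax. 203.0.113.10/32 is subsumed by 203.0.113.0/24, so
    only the /24 is emitted for that family.
    """
    nets = ipaddress.collapse_addresses(net for net, _ in feed)
    return [f"iptables -I {chain} -d {net.with_prefixlen} -j DROP" for net in nets]


if __name__ == "__main__":
    feed = load_feed(C2_FEED)
    for src, events in sorted(find_infected(SAMPLE_LOGS, feed).items()):
        families = sorted({e["family"] for e in events})
        print(f"{src}: {len(events)} C2 contact(s), families={families}")
    print("\n".join(block_rules(feed)))
```

The block rules buy time, as the quote says, but the endpoint list is the more important output: every source address reported here still needs to be taken off the network and reimaged, and any credentials it held should be treated as compromised regardless of whether the beacon was allowed or denied.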
As we noted in our 2015 Banking Malware research report, banks are not the only institutions at risk from banking malware. Some of the most harmful banking malware families, Dridex, Bebloh, and TinyBanker, have been found across a wide variety of industries, including telecommunications, retail, manufacturing, and information services. Malware of this kind is more sophisticated and harder to track.
For more information, download our 2015 State of Banking Malware Research Report.