Attacks on banks have been international news since at least 2016, when a cyber heist on Bangladesh’s central bank yielded $81 million through the Society for Worldwide Interbank Financial Telecommunication (SWIFT) network.
The thieves’ booty could have been more than 10 times bigger, as much as $950 million, if not for a typo. Similar SWIFT attacks have hit both a Ukrainian bank and Ecuador’s Banco del Austro.
Banks are supposed to be beacons of cyber security capability. The fact that banks seem so lost in the face of these attacks shows they have no visibility into their attack surfaces. It shows that these financial institutions are “very late to the game.”
Using email, network hacking, and command and control through throwaway HTTP/S domains as attack vectors, the attackers breach the bank’s network, obtain domain credentials, and move from computer to computer until they find SWIFT access. Once they discover the operator credentials for a SWIFT account, the criminals start issuing transfer messages.
It’s not a question of if you’ll be breached but when. What banks and all businesses need is a way to know very quickly if they have been breached.
Unfortunately, as endpoint security gets better and better at protecting against commoditized attacks, human-conducted cyber-attacks will become more and more frequent, especially when criminals see successful attacks like the ones in Europe and South America.
And too many businesses do not have proper visibility into their networks. Talk to TCT today to build a cyber-attack-resilient business.