SWIFT Hackers Hit Russian State Bank


The SWIFT banking system has been targeted by hackers yet again, this time in Russia.

News has broken that bad actors tried to steal 55 million rubles (about $940,000) from Russian state bank Globex—but sources told Russian news outlet Kommersant that the attackers were only able to make off with about 10%, or $94,000. Meanwhile, Globex president Valery Ovsyannikov told wire services that "customer funds have not been affected".

SWIFT is an international payments system used for global monetary transfers; sources said that the unusually large size of the attempted fraudulent transactions is what tipped the bank off and allowed it to block most of the theft.  

“This, alongside the MoneyTaker ATM thefts, is further evidence that the availability of nation-state tools has proven cyber-intrusions inevitable,” said CEO and founder of Illusive Networks Ofer Israeli, via email. “Our research has uncovered one common weakness in all these attacks—regardless of how initial intrusion is achieved, once inside the gates, advanced professional hackers must move laterally to reach their targets. By understanding this, and focusing on identifying lateral movement, defenders can stop even the most sophisticated attackers before they reach an organization’s crown jewels, and do so before intrusion becomes a damaging and costly breach.”

In February 2016, hackers were able to make off with $81 million from Bangladesh’s central bank, using a software exploit and malware that had been specifically designed to change code in SWIFT’s Access Alliance software. That allowed them to tamper with a database recording the bank’s activity over the network, so they could delete outgoing transfer requests and intercept incoming requests, as well as change recorded account balances—effectively hiding the heist from officials.

Since then, the SWIFT system has issued tighter security guidance, though bad actors continue to target it. Earlier this year, Shadow Brokers released what it said is compromised network data from more SWIFT providers and central banks.
