A series of spectacular cyber attacks against banks, resulting in the theft of tens of millions of dollars, has heightened fears for an industry becoming an increasingly attractive target for hackers.
Banks in Bangladesh, the Philippines, Vietnam and Ecuador have been victimised over the past year in the attacks on the global interbank service known as SWIFT, and some analysts expect more attacks to become public.
After news of the $81 million heist from Bangladesh’s central bank became public in May, SWIFT said the incident was “not a single occurrence, but part of a wider and highly adaptive campaign targeting banks.”
Since then, officials said banks have also been hit in the Philippines and Vietnam. Meanwhile, Ecuador’s Banco del Austro claimed in a lawsuit that hackers made off with more than $9 million through fraudulent SWIFT transfer requests.
Cyber security specialists say these attacks are likely just the tip of the iceberg, and expect more revelations. “Cyber criminals are no longer targeting grandmothers at home for small amounts, but going directly where the money is,” said Juan Andres Guerrero-Saade, a researcher with the security firm Kaspersky.
Mr Guerrero-Saade said it’s not clear where the attacks are coming from, but that the hackers are using techniques similar to those developed for cyber espionage.
“I don’t think this implies it’s nation-states, it’s more of an evolution,” the analyst said.
“It’s criminal actors taking on some of those techniques.”Kaspersky researchers last year uncovered a hacker group which targeted banks in Eastern Europe, estimating losses totaling up to $1 billion.
Dan Guido, cofounder of the security firm Trail of Bits, said the recent security breaches are not surprising. “I didn’t think it would take this long,” Guido said. “There are a large number of attacks like this possible if someone has the resources to do it.” He said a relatively small team of determined hackers could carry out the kind of hacks that went through SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, a Brussels-based network which is used by more than 11,000 financial institutions in 200 countries.
The blame, Guido said, rests squarely with SWIFT for failing to bolster its software or require more secure hardware.