The latest SWIFT Hack attack was an attempted fraudulent transfer request for more than 1 million euros
Another Swift Hack? Swift, a Belgium-based organization whose technology is used by more than 11,000 banks and other institutions to initiate money transfers and perform other essential financial tasks is used by banks to transfer billions of dollars every day. SWIFT recently warned its customers to beware of cyber fraud.
Swift is a backbone of digital financial transactions. The attempted SWIFT Hack on the Vietnam’s Tien Phong Bank is the latest cyber-attack noted. These attacks point to the fact that hackers, in addition to stealing individuals’ credit card numbers and banking credentials to drain accounts, are also abusing the technologies underlying trusted internal links between banks to pull off bigger heists.
Vietnam’s Tien Phong Commercial Joint Stock Bank said it was the target of a computer attack where hackers tried to steal more than $1.13 million through the bank’s connection to the Swift interbank messaging system, Reuters reported Sunday.
Vietnam’s Tien Phong Bank said that it interrupted the attempted cyber heist that involved the use of fraudulent SWIFT messages, the same technique at the heart of February’s massive theft from the Bangladesh central bank.
TPBank said it caught the attempt quickly enough to halt movement of funds to criminals by immediately contacting involved parties.
TPBank, founded in 2008 by Vietnam’s top technology firm FPT Corp FPT.HM, is considered one of Vietnam’s most modern and technologically savvy banks. Just last week it was received the “Best Internet Banking” prize from The Asian Banker.
The bank said the transfers were made using infrastructure of an outside vendor hired to connect it to the SWIFT bank messaging system. Its statement did not name the service provider, though it said TPBank has discontinued working with that vendor and switched to using a new system that offers a higher level of security and enables it to connect directly with SWIFT. SWIFT, on their end reported that an unnamed commercial bank was targeted by a malware attack similar to the one at Bangladesh Bank. It was not immediately clear when SWIFT was made aware of the attempted cyber heist at TPBank and whether it took any action to prevent similar attacks or warned other clients.
In February, in one of the world’s biggest ever cyber-heists, hackers tried to steal nearly $1 billion from Bangladesh Bank’s account at the New York Federal Reserve using fraudulent transfer messages on the SWIFT system. During that attack, most of the orders were blocked but $81 million was transferred to bank accounts in the Philippines. The money was moved to casinos and casino agents and most remains missing.
TPBank said that the attack might have been facilitated using malware installed on a software application used by the third-party vendor. It noted that SWIFT had recently issued a warning about malware used in schemes involving fraudulent transfers ordered over the SWIFT network. Swift says that malware was used to target a PDF reader used by customers to review statements summarizing transfers made over SWIFT. It was not immediately clear whether TPBank’s description referred to the PDF malware.
Cybersecurity firm BAE Systems (BAES.L) said last week malware was used to target a Vietnamese commercial bank using fraudulent messages on the SWIFT network. The malware operated in a similar way to that used by hackers in the Bangladesh cyber heist.