Hackers nicked $6 million from the Russian central bank last year via the SWIFT messaging system, according to a report from the bank.
"The volume of unsanctioned operations as a result of [a single successful attack] amounted to 339.5 million roubles," the bank said. Hackers gained control of one of the bank's computers and used the SWIFT system to transfer money, according to a report from Reuters.
Cautioning that “the stability of our financial institutions is threatened by these types of attacks,” Nick Bilogorskiy, cybersecurity strategist at Juniper Networks, said “they should serve as a call to action for international law enforcement cooperation on defending our global financial systems.”
Bilogorskiy said that cybergangs typically use two methods for robbing banks – ATM jackpotting and SWIFT wire transfers. “Our banks and financial institutions are all interconnected today, which creates major risks and international groups of criminals in various countries are monetizing these risks,” he said.
After hackers stole $81 million from the Bangladesh Central Bank via SWIFT in 2016, SWIFT followed up with a 16-page warning report to banks last fall, “on the growing sophistication of digital attackers,” said Bilogorskiy. “They listed new creative techniques used by attackers - gaining Administrator rights for operating systems; manipulating software in memory; tampering with legitimate functionality to bypass two-factor authentication; [and] deploying highly covert malware.”
SWIFT also countered with “a cyber threat intelligence sharing service: SWIFT ISAC portal, where malware file hashes and YARA rules and attack Indicators of Compromise could be downloaded by SWIFT customers,” and stressed “the importance for each bank to practice ‘defense in depth’ through the combination of multiple layered cyber defense components, barriers and counter-measures,” he said.
The SWIFT Customer Security Controls Framework went into effect January 1, 2018, requiring all 11,000 SWIFT member banks in more than 200 countries to comply with 16 mandatory controls - including multifactor authentication and continuous monitoring - or face regulatory and economic consequences.