SWIFT cyber-attack spreads, no sign of ME targets
Philippines bank latest victim of the global cyber heist: Symantec
Symantec has revealed that a fourth bank in the Philippines has been attacked by the same group that stole US$81 million from the Bangladesh central bank and attempted to steal over $1 million from the Tien Phong Bank in Vietnam.
Malware used by the group was also deployed in targeted attacks against a bank in the Philippines. In addition to this, some of the tools used share code similarities with malware used in historic attacks linked to a threat group known as Lazarus. The attacks can be traced back as far as October 2015, two months prior to the discovery of the failed attack in Vietnam, which was hitherto the earliest known incident, Symantec adds in a blog post.
The attack against the Bangladesh central bank triggered an alert by payments network SWIFT, after it was found the attackers had used malware to cover up evidence of fraudulent transfers. SWIFT issued a further warning, saying that it had found evidence of malware being used against another bank in a similar fashion. Vietnam’s Tien Phong Bank subsequently stated that it intercepted a fraudulent transfer of over $1 million in the fourth quarter of last year. SWIFT concluded that the second attack indicates that a “wider and highly adaptive campaign” is underway targeting banks.
A third bank, Banco del Austro in Ecuador, was also reported to have lost $12 million to attackers using fraudulent SWIFT transactions. However, no details are currently known about the tools used in this incident or if there are any links to the attacks in Asia.
The discovery of more attacks provides further evidence that the group involved is conducting a wide campaign against financial targets in the region. While awareness of the threat posed by the group has now been raised, its initial success may prompt other attack groups to launch similar attacks. Banks and other financial institutions should remain vigilant, Symantec warns.