Illusive Blog November 8, 2017

Wire Fraud In Nepal: Need Rapid Detection of Cybercrime

By Matan Kubovsky

Attacks on banks’ SWIFT wire transfer systems in 2016 made headlines, with the Bank of Bangladesh’s $81 million heist leading the losses. There might be another wave of fraud attacks underway, with news of NIC Asia Bank, one of Nepal’s largest private-sector commercial banks, experiencing an attack between October 17 and October 21. Attackers extracted $4.4 million in fraudulent money transfers from NIC Asia Bank to accounts in six other countries through a compromise of NIC systems. Earlier in October, attackers also stole $60 million from Far Eastern International Bank in Taiwan via fraudulent SWIFT money-moving messages. According to several reports from the past year, these attacks may be attributable to the Lazarus Group, which has been very active in the Far East and Africa over the past decade. The group utilizes sophisticated TTPs, tailor-made to compromise SWIFT systems.


To prevent losses or minimize business impact, speed in detecting wire transfer fraud means everything. Even better is the ability to detect fraudsters before they reach a SWIFT system or other critical systems involved in money transfer processes. Once an attacker enters the bank’s network, he has to move laterally toward assets like its SWIFT system. Illusive’s solution detects attackers as they move so that they can be stopped before they reach wire transfer systems. Our ability to capture instant forensics from compromised systems also accelerates incident investigation and analysis. The Illusive Wire Transfer Guard solution deploys a web of deceptions that diverts attackers and significantly increases the odds that they will engage with a deception and reveal themselves.


Nepal’s central bank launched an investigation into the heist and found that six staffers in NIC Asia Bank’s SWIFT department had used a computer meant only for SWIFT transactions for other purposes as well, including email. Such a policy violation could increase risk to SWIFT systems and to other banking operations. Beyond the ability to detect APTs in progress, Illusive’s Wire Transfer Guard can surface these types of risk indicators—in this case, identifying users and computers that connect to high-value assets while surfing the internet and accessing other internal services. This “cyber hygiene” function helps proactively reduce the attack surface, thereby reducing APT attack risk.

