Illusive Blog October 4, 2016

Wire Transfer Network Breached in Cyber Attacks on Bank

By The Illusive Networks team


Cyber criminals are coordinating advanced attacks on banks and financial institutions. If funds and customer information are stolen, it could compromise your institution’s reputation for years.

Recently, these increasingly sophisticated attackers have turned their attention to wire transfer networks. The February 2016 attack on Bangladesh Bank revealed a sobering truth: the weaknesses in one bank’s cyber defenses compromise the security of all banks in that bank’s wire transfer network.

Do you have protections in place for when cyber criminals get past your firewall?

Keep reading to learn more about the escalating attacks on banks, and how innovative cyber deception technology adds a layer of extra security.

Banks Are Under Attack

The massive attack against J.P. Morgan in 2014 illustrates the scope of attackers’ intentions: J.P. Morgan’s attackers were after more than just money. When they breached the bank, they stole data on 83 million customers, gained invaluable information for targeting specific individuals, obtained insider views of the stock market and stole other information that enabled them to build a huge criminal organization.

As a result, according to investigators, the attackers breached seven major banks, ran an online casino, laundered money globally and traded Bitcoin illegally. They allegedly made more than US$100 million, at one time scooping up $2 million in a single exit. They used 75 shell companies that employed hundreds of people and 30 fake passports from 17 countries to keep it all secret.

As quoted in an article in Dark Reading, U.S. Attorney Preet Bharara stated, “It is no longer hacking merely for a quick payout, but hacking to support a diversified criminal conglomerate.”

Dozens Of Cyber Attacks Against Wire Transfer Networks

Attackers’ success emboldens other bad actors. In February 2016, a jaw-dropping attack on Bangladesh Bank stole more than $81 million — and would have stolen much more if not for a suspicious typographical error. Attackers targeted the bank’s wire transfer network account.

At Bangladesh Bank, hackers gained entry to the bank’s systems and moved laterally through the network, successfully reaching the database, then connecting to another machine that led to the bank’s wire transfer server. There, attackers initiated fake, unauthorized messages to steal funds and transfer them to other banks. After the malware sent the messages that stole the funds, it deleted the database records of the transfers and took additional steps to prevent confirmation messages from revealing the theft.

At Bangladesh Bank, confirmation messages would have appeared on a paper report, but the malware altered the paper reports when they were sent to the printer. An alert employee noticed a suspicious typographical error on a paper report. The bank managed to stop a number of the attempted transactions, but $81 million was rerouted to banks in the Philippines, with little recovered as of yet.

A second attack was reported to have occurred on a commercial bank in Vietnam, also using malware written to issue unauthorized messages and to conceal that the messages had been sent.

Other 2016 wire transfer attacks include an attack on Banco del Austro (BDA) in Ecuador. In this case, the thieves sent wire transfer messages that resembled recently canceled transfer requests from BDA, with slightly altered amounts, to Wells Fargo Bank, which honored $12 million in fund transfer requests. Apparently, thieves gained access to legitimate credentials of a BDA employee and sent fully authenticated wire transfer messages.

All told, more than a dozen banks worldwide have been hit in 2016 and are currently undergoing attack investigations.

Protecting Your Networks With Wire Transfer Guard

Traditional firewall-based cyber protections are no longer enough to safeguard your high-value financial data. In response, illusive networks has created Wire Transfer Guard, the first cyber deception technology built specifically to detect, divert and mitigate advanced attacks on wire transfer networks.

By layering a web of agentless cyber deceptions, the technology lures advanced attackers to deception data that alerts you to the presence of an attacker in your system. Because the attacker cannot distinguish the deception data from the real wire network data, they are unable to gain the valuable information they’re targeting. Wire Transfer Guard™ also provides you with advanced forensic reporting to detail the nature of the attack and the areas of your network that were compromised.

While deception technology, also known as Distributed Deception Platforms (DDP), does not replace the need for traditional firewalls, it does enhance the security of your system and acts as a last line of defense against increasingly advanced attacks.

Learn more about Wire Transfer Guard.
