13 May 2016

Second bank hit by malware attack

3:41 pm on 13 May 2016

Another international bank has reportedly faced a cyber attack following a $US81 million cyber heist in February.

SWIFT said the attackers were aided by "malicious insiders or cyber attacks, or a combination of both". Photo: 123RF

The global financial messaging network (SWIFT) that banks use to move billions of dollars every day has warned of a second malware attack similar to the one that led to a $US81 million cyber heist at the Bangladesh central bank.

A spokesperson for the SWIFT system said the most recent attack targeted a commercial bank, but they would not name the bank or say how much money, if any, was stolen.

SWIFT has previously warned that the Bangladesh heist was not an isolated incident, and confirmation of a second attack will likely increase scrutiny on the security of a network that is a linchpin of the global financial system.

SWIFT said in a statement that the attackers exhibited a "deep and sophisticated knowledge of specific operational controls" at targeted banks and may have been aided by "malicious insiders or cyber attacks, or a combination of both".

The organisation, a Belgian cooperative owned by member banks and used by 11,000 financial institutions globally, said that forensic experts believed the attack was part of a wider and highly adaptive campaign targeting banks.

News of a second case comes as authorities in Bangladesh and elsewhere investigate the February cyber theft from the Bangladesh central bank account at the New York Federal Reserve Bank.

SWIFT has acknowledged that the scheme involved altering SWIFT software to hide evidence of fraudulent transfers, but that the messaging system it controls was not compromised.

In both cases SWIFT said insiders or cyber attackers had succeeded in penetrating the targeted banks' systems, obtaining user credentials and submitting fraudulent SWIFT messages that correspond with transfers of money.

In the second case SWIFT said attackers had also used a kind of malware called a "Trojan PDF reader" to manipulate PDF reports confirming the messages in order to hide their tracks.