Monday, 16 May 2016 07:31

Bangladesh Swift payment attack possibly related to the Sony Attack


Reading time is around minutes.

It seems that the recent $81 million dollar attack against the Bangladesh Central Bank might have also been about the Seth Rogan Movie “the interview”... ok, not really, but the attack that happened at Sony in 2014 seems to have many things in common with the recent attack that resulted in the theft of $81 million. During the Sony attack the initial blame was centered on the release of the Interview, but that was never confirmed and seemed to be way off base.

Sony had almost their entire corporate network penetrated and information on executives as well as some pretty damning emails (at one point Sony had to take the network offline). It was a pretty massive blow to the company in many ways. With the recent attack uncovered in Bangladesh the bank the Swift payment system was compromised through the use of malware. Once the attackers got past the minimal security at the bank they started processing payments to an account they had set up with the Federal Reserve of New York. They were able to get away with only (yes only) $81 million when a typo raised alarms with Deutsche Bank.

Swift has also stated that a second bank was target at the same time as the Bangladesh central Bank. This second bank was not named, but the team investigating the attack has eluded that it might be a commercial bank in Vietnam. The claim comes from looking at the malware used in both attacks. This is where the link to Sony comes in. It would seem that the malware used in the Swift attacks exhibits some of the same unique features that was found in the Sony attack as well as others going back to 2009.

If this is true then the capabilities of the attackers could be much greater than anticipated. Some are even starting to make the leap to this being a Nation State sponsored attack. This would play well into the original claims that North Korea was responsible for the Sony breach, but in reality some of the newer criminal organizations have very similar levels of funding and sophistication. The larger enterprise of “cyber” theft is a massive one that has a great potential for return on investment. Some of these might also have strong financial backing from government sources without actually needing to be a part of the government. It grants them extraordinary flexibility when operating and also protection when needed.

The larger criminal organizations are going to become the go to people for governments looking to inflict damage, but not get caught at it. In return governments might turn a blind eye to their activities as long as they do not play in their own back yard. The threat landscape is changing much faster than the systems they are attacking simply because each success does not evoke a large enough effort from the “blue” team to get things running the right way. The relation between the Sony hack and the Swift Payment system attacks are a great example of that.

Read 8748 times Last modified on Monday, 16 May 2016 15:37

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.