Daily Management Review

Other Asian Banks had been Attacked by the Bangladesh Bank Hackers, says Cyber Firms


05/29/2016




Other Asian Banks had been Attacked by the Bangladesh Bank Hackers, says Cyber Firms
In addition to the 2014 hack on Sony Pictures, the attack on a bank in the Philippines have been linked to the hackers who stole $81 million from Bangladesh's central bank, says cybersecurity company Symantec Corp in a blog post.
 
North Korea was blamed for the attack on Sony's Hollywood studio by the U.S. Federal Bureau of Investigation.
 
The hackers had recently penetrated banks in Southeast Asia, a senior executive at Mandiant, the cybersecurity company investigating the Bank Bangladesh heist, told Reuters.
 
In the blog post published on Thursday, Symantec said the attacks could be traced back to October last year but did not name the Philippines bank or say whether any money was stolen. It did not identify the hackers.
 
While not ruling out the possibility of cyber attacks on banks, the Philippines central bank's deputy governor, Nestor Espenilla, told Reuters that no bank in the country had lost money to hackers.
 
"We are checking if there are similar attacks on Philippine banks. However, no reported losses so far," Espenilla said.
 
"It is one thing to be attacked. It is another to lose money," he said.
 
It was not known whether the said attacks were successfully blocked or whether any money was lost in the other attacks, said Marshall Heilman, vice president for Mandiant, a part of U.S.-based FireEye.
 
"There is a group operating in Southeast Asia that definitely understands the bank industry and is at more than one location," he said.
 
The country or countries, or the institutions attacked were not identified by Heilman. Without being very specific, he said that the attacks were recent and that it was the same group as the one involved in the Bank Bangladesh theft.
 
There were no comments from Central banks elsewhere in Southeast Asia - Singapore, Indonesia, Brunei, Myanmar, Laos, Cambodia, Vietnam, Thailand and East Timor.
 
SWIFT, the Society for Worldwide Interbank Financial Telecommunication, urged banks this week to bolster their security, saying it was aware of multiple attacks amidst confirmed reports that there have been at least four known cyber attacks against a bank involving fraudulent messages on the SWIFT payments network, one dating back to 2013.
 
Banks around the world use secure SWIFT messages for issuing payment instructions to each other.
 
February's Bangladesh Bank hack was "not an isolated incident" and a "watershed event for the banking industry",  SWIFT said earlier this week.
 
Without commenting on individual entities, spokeswoman of SWIFT, Natasha de Teran said on Thursday that SWIFT was "actively looking into other possible instances of such fraud".
 
Three pieces of malware have been identified by Symantec which were used in limited targeted attacks against financial institutions in Southeast Asia.
Lazarus, which has been linked to the devastating attack on Sony's Hollywood studio in 2014, is previously associated to one of the malicious programs.
 
"There is a pretty hard connection now to the Sony attacks and the actor behind them" and the Bangladesh heist, Eric Chien, technical director at Symantec, said in an interview.
 
(Source:www.reuters.com)