A bug in SWIFT banking software may have been exploited to allow hackers to make off with $81 million from Bangladesh’s central bank in February, according to reports.
Investigators at British defense contractor BAE Systems told Reuters that the malware in question, evtdiag.exe, had been designed to change code in SWIFT’s Access Alliance software to tamper with a database recording the bank’s activity over the network.
That apparently allowed the attackers to delete outgoing transfer requests and intercept incoming requests, as well as change recorded account balances – effectively hiding the heist from officials.
The malware even interfered with a printer to ensure that paper copies of transfer requests didn’t give the attack away.
It’s thought that the malware was part of a multi-layered attack and used on the SWIFT system once Bangladesh Bank admin credentials had been stolen.
Although it was written specifically for this attack it could be repurposed for similar attacks in the future, BAE claimed.
However, it hasn’t been discovered yet how the attackers ordered the all-important transfer requests, according to the report.
"I can't think of a case where we have seen a criminal go to the level of effort to customize it for the environment they were operating in," BAE head of threat intelligence, Adrian Nish, told the newswire. "I guess it was the realization that the potential payoff made that effort worthwhile."
For its part, SWIFT confirmed it is releasing a software update later today to “assist customers in enhancing their security and to spot inconsistencies in their local database records.”
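The tampering described above (deleting outgoing transfer requests and overwriting recorded balances in the bank's local database) and SWIFT's stated goal of spotting "inconsistencies in their local database records" both come down to the same defensive question: can the local records be checked against something the attacker could not rewrite? The following is an added illustration, not code from SWIFT, BAE Systems or Bangladesh Bank. It assumes a bank keeps a local table of transfer messages with a per-record hash chain, stores the chain's final hash outside the database at end of day (for example on the printed confirmation the article mentions), and can obtain a closing balance from its correspondent. All records, amounts and references are constructed sample data.

```python
"""Reconciliation checks over a local transfer-message database.

Constructed example (not SWIFT's or BAE's software). The local table holds
outgoing ("OUT") and incoming ("IN") transfer records plus a recorded balance.
Three independent checks flag records that were deleted or altered:
  1. gaps in the message sequence numbers,
  2. breaks in a hash chain written when each record was first stored,
  3. a recomputed balance compared with the locally recorded balance and with
     a balance confirmed by an external party (assumed correspondent bank).
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class TransferRecord:
    seq: int          # monotonically increasing message number
    direction: str    # "OUT" (debit) or "IN" (credit)
    amount: int       # minor units (cents) to avoid floating-point drift
    reference: str    # transaction reference as stored locally
    prev_hash: str    # hash of the preceding record; "" for the first one


def record_hash(rec: TransferRecord) -> str:
    payload = f"{rec.seq}|{rec.direction}|{rec.amount}|{rec.reference}|{rec.prev_hash}"
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def build_ledger(entries: List[Tuple[str, int, str]]) -> List[TransferRecord]:
    """Store entries in order, chaining each record to the hash of the previous."""
    records, prev = [], ""
    for seq, (direction, amount, reference) in enumerate(entries, start=1):
        rec = TransferRecord(seq, direction, amount, reference, prev)
        records.append(rec)
        prev = record_hash(rec)
    return records


def chain_tail(records: List[TransferRecord]) -> str:
    """Hash of the last record; this value is the end-of-day external anchor."""
    return record_hash(records[-1]) if records else ""


def find_sequence_gaps(records: List[TransferRecord]) -> List[int]:
    """Sequence numbers missing from the table (a deleted record leaves a hole)."""
    seqs = sorted(r.seq for r in records)
    gaps: List[int] = []
    for a, b in zip(seqs, seqs[1:]):
        gaps.extend(range(a + 1, b))
    return gaps


def verify_hash_chain(records: List[TransferRecord], expected_tail: str) -> Dict[str, object]:
    """Walk the chain; a deleted or edited record breaks the link that follows it.
    The tail is compared with the externally stored anchor so that a chain
    rebuilt entirely inside the database is still detected."""
    broken, prev = [], ""
    for rec in sorted(records, key=lambda r: r.seq):
        if rec.prev_hash != prev:
            broken.append(rec.seq)
        prev = record_hash(rec)
    return {"broken_links": broken, "tail_matches_anchor": prev == expected_tail}


def recompute_balance(opening: int, records: List[TransferRecord]) -> int:
    """Opening balance minus every OUT amount plus every IN amount."""
    return opening + sum(r.amount if r.direction == "IN" else -r.amount for r in records)


def reconcile(records, recorded_balance, opening, confirmed_balance, expected_tail) -> Dict[str, object]:
    """Return a dict of findings; an empty dict means the local records are consistent."""
    findings: Dict[str, object] = {}
    gaps = find_sequence_gaps(records)
    if gaps:
        findings["sequence_gaps"] = gaps
    chain = verify_hash_chain(records, expected_tail)
    if chain["broken_links"]:
        findings["broken_links"] = chain["broken_links"]
    if not chain["tail_matches_anchor"]:
        findings["tail_mismatch"] = True
    recomputed = recompute_balance(opening, records)
    if recomputed != recorded_balance:
        findings["recorded_balance_mismatch"] = (recorded_balance, recomputed)
    if recomputed != confirmed_balance:
        findings["confirmed_balance_mismatch"] = (confirmed_balance, recomputed)
    return findings


# --- constructed sample data (amounts in cents) -------------------------------
OPENING = 500_000_000                      # $5,000,000.00 at start of day
ENTRIES = [("OUT", 20_000_000, "REF-0001"), ("IN", 5_000_000, "REF-0002"),
           ("OUT", 100_000_000, "REF-0003"), ("OUT", 1_500_000, "REF-0004"),
           ("IN", 250_000, "REF-0005")]
GENUINE = build_ledger(ENTRIES)
ANCHOR = chain_tail(GENUINE)               # assumed to be stored outside the database
CONFIRMED = recompute_balance(OPENING, GENUINE)   # assumed correspondent confirmation

# Case A: REF-0003 removed from the table and the recorded balance overwritten to match.
TAMPERED_A = [r for r in GENUINE if r.reference != "REF-0003"]
HIDDEN_BALANCE = recompute_balance(OPENING, TAMPERED_A)
# Case B: same deletion, but the remaining records were re-chained and renumbered,
# so only the external anchor and the confirmed balance can reveal it.
TAMPERED_B = build_ledger([e for e in ENTRIES if e[2] != "REF-0003"])

if __name__ == "__main__":
    print("genuine :", reconcile(GENUINE, CONFIRMED, OPENING, CONFIRMED, ANCHOR))
    print("case A  :", reconcile(TAMPERED_A, HIDDEN_BALANCE, OPENING, CONFIRMED, ANCHOR))
    print("case B  :", reconcile(TAMPERED_B, HIDDEN_BALANCE, OPENING, CONFIRMED, ANCHOR))
```

The two tampered cases show why a purely local check is not enough: in case A the sequence gap and the broken hash link are visible inside the database, but in case B every in-database check passes and only the anchor stored outside the database and the correspondent's confirmed balance disagree with the local view. That is the reason the anchor (and the paper copy) must sit somewhere the database writer cannot reach.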
Its messaging system is used by around 11,000 financial institutions and the like around the world.
It may still be the case that security shortcomings at the Bangladesh Bank also contributed to the cyber theft.
Several reports claimed that the bank was using second-hand routers costing just $10m, and that key firewalls were missing from its security set-up.
Ross Brewer, EMEA managing director at LogRhythm, argued that even firewalls can’t protect organizations against persistent, sophisticated attacks.
“Unfortunately, in this threat landscape, hackers will keep trying and trying until they find a bank’s weak spot,” he added.
“They are persistent and have the tools and skills to get past basic security tools, which means it really is a case of when you will get breached, not if. By having tools in place that can identify a threat on the network as soon as it appears, banks can mitigate any risk and limit the consequences straightaway.”
BAE is apparently planning to release more details on its investigation later today.