Slashdot Mirror

← Back to Stories (view on slashdot.org)

Second Bank Hit By 'Sophisticated' Malware Attack, Says Swift (theguardian.com)

Posted by msmash on from the bank's-sophisticated-security-or-its-lack-thereof dept.

An anonymous reader cites an article on The Guardian: Swift, the global financial messaging network that banks use to move billions of dollars every day, warned of a second malware attack similar to the one that led to February's $81 million cyberheist at the Bangladesh central bank. The second case targeted a commercial bank, Swift spokeswoman Natasha de Teran said, without naming it. It was not immediately clear how much money, if any, was stolen in the second attack. Swift said in a statement that the attackers exhibited a "deep and sophisticated knowledge of specific operational controls" at targeted banks and may have been aided by "malicious insiders or cyber attacks, or a combination of both." The organization, a Belgian co-operative owned by member banks, said that forensic experts believe the second case showed that the Bangladesh heist was not a single occurrence, "but part of a wider and highly adaptive campaign targeting banks."

1 of 32 comments (clear)

  1. I call bullshit on the "wider campaign"... by gweihir · · Score: 3, Interesting

    What happens here is far simpler: One group got away with an amazing payout and had a real chance of making it even larger. This lead to some people re-focusing their attempts, because who knew before that security at some banks using Swift was this pathetic. And no, all these claims of "advanced" and "sophisticated" really only serve to daemonize the attackers, so the affected banks and Swift have can avoid admitting how massively they have screwed up.

    The whole thing is not a surprise at all. Experts have observed "cheaper than possible" security to be used all around the finance industry in the aftermath of 2008, because management that does not get it is making the decisions and is trying to save money on security (and reliability and people as well) in order to make IT more "profitable". That almost universally costs a lot later.

    We are now at the point where "later" is reached. This will get worse for at least 5...10 years until all the bad decisions of the last few years have been fixed.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.