Russian, Indian banks lose millions to hackers

The Russian central bank’s Financial Sector Computer Emergency Response Team (FinCERT) disclosed on Friday that hackers compromised a computer at a Russian bank and used the SWIFT system to transfer 339.5 million roubles (around $6 million) to accounts they controlled.


No details about the heist have been shared, so we don’t know which bank has been hit, or when. Going just on the stolen amount disclosed, it is not the Russian state bank Globex, which was similarly hit in December 2017.

Then, on Sunday, an Indian bank announced that cybercriminals had gained access to its systems and executed fraudulent transfers (the orders were sent via SWIFT) of nearly $2 million.

The compromise was discovered on February 7, 2018, during the bank’s reconciliation process, and must have happened shortly before that.

“We immediately alerted the Correspondent banks to recall the funds,” the City Union Bank’s statement explained.

Of the fraudulent transactions, one that instructed the Standard Chartered Bank, New York to send $500,000 to an account with a Dubai-based bank was “blocked immediately.”

The second transfer (of 300,000 euros) was routed through a Standard Chartered Bank account in Frankfurt to a Turkish bank and was blocked by the latter before the criminals had a chance to collect the money.

The third transfer (of $1 million) was made through Bank of America, New York to a Chinese bank, and the funds were claimed by the criminals, who “submitted forged documentary evidence.”

City Union Bank is working on repatriating the transferred money. In the meantime, its “SWIFT payment system is back to normal after ensuring adequate enhanced security in place.”

Over 100 financial institutions in India, including the country’s central bank, use SWIFT to send and receive information about financial transactions.

SWIFT security

SWIFT, the Belgium-based financial telecommunication company, has been pushing banks to improve their security since the $80 million heist that targeted Bangladesh’s central bank in 2016 and, shortly after, an attack against a commercial bank in Vietnam. In both cases, the attackers used bespoke malware to compromise the banks’ endpoints (but not SWIFT’s network, interface software or core messaging services).

Early last year, attacks at three Indian government-owned banks that involved fake trade documents sent via SWIFT were foiled.

In April 2017, SWIFT introduced its Customer Security Controls Framework – a set of mandatory and advisory security controls for SWIFT customers aimed at establishing a security baseline for the entire community.

Earlier this year the company shared that “89% of all SWIFT customers attested their level of compliance with the mandatory security controls by the 31 December 2017 deadline.”
