In early 2016, a major hack made waves throughout the banking world when news emerged that cybercriminals had made off with around $81 million by sending fraudulent money transfer requests through the SWIFT financial network. By unpacking what happened to Bangladesh Bank, organizations can get a better sense of the threats they currently face and how they can better protect themselves.
1) Be wary of all endpoints
This hack was unusual in that the cybercriminals were able to pose as Bangladesh Bank employees who had legitimate access to the financial network. In the past, many hackers would bypass defenses like anti-virus software to gain unauthorized entry into such a network. It is unknown precisely how the cybercriminals were able to pose as authorized users; current theories are that either they had help from an employee or they used malware to create a fake account, Bloomberg reported. The incident nevertheless shows that even supposedly authorized accounts on a protected network can be a front for fraud.
2) Small issues could indicate bigger problems
While the $81 million the cybercriminals got away with is a staggering sum, more money could have been pilfered had it not been for a small typo. Workers in charge of approving the requests noted that one of the proposed transactions was amiss because the wire request was improperly worded.
“The hackers might have stolen much more if not for a typo in one of the money transfer requests that caught the eye of the Federal Reserve Bank in New York,” Wired contributor Kim Zetter wrote. “The hackers apparently had indicated that at least one of the transfers should go to the Shalika Foundation, but they misspelled ‘foundation’ as ‘fandation.’”
Instances of fraud never announce themselves. Network administrators must remain vigilant for all possible signs, as even a minor mistake could indicate a major problem. It’s important to notice and address small issues before they snowball out of control.
3) Even authenticated traffic needs constant monitoring
Oversight and vigilance shouldn’t stop just because a request comes through an authenticated source; the Bangladesh Bank heist illustrates just how far threats have progressed. Trojans and viruses are not the only ways a business can be breached, and the rise of insider threats and ransomware are just two examples of how cybercriminal activity has evolved. Thus, it’s critical to ensure that your cybersecurity solutions have changed and improved over time as well.
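As an added example (not code from the original article) of how lessons 2 and 3 translate into a review step, the screen below holds outgoing transfer requests whose beneficiary name is a near-miss for an approved one (the “fandation” kind of typo) and applies amount and velocity limits even when the sender is an authenticated operator account. The approved-beneficiary list, the per-operator limits and the sample values are all constructed for illustration.

```python
# Added illustration, not the article's or any bank's code. Flags near-miss
# beneficiary names and enforces amount/velocity limits regardless of whether
# the sending account is authenticated. All names, limits and values are constructed.
from dataclasses import dataclass
from difflib import SequenceMatcher
from typing import List, Optional

KNOWN_BENEFICIARIES = {"shalika foundation", "acme trading ltd"}  # constructed
MAX_REQUESTS_PER_DAY = 5  # assumed per-operator velocity limit

@dataclass
class TransferRequest:
    sender: str        # authenticated operator account that submitted it
    beneficiary: str
    amount_usd: float

@dataclass
class SenderBaseline:
    typical_max_usd: float  # largest transfer this account normally sends
    requests_today: int = 0

def normalize(name: str) -> str:
    return " ".join(name.lower().split())

def near_miss(name: str, threshold: float = 0.8) -> Optional[str]:
    """Approved beneficiary that an unapproved name closely resembles, if any."""
    key = normalize(name)
    if key in KNOWN_BENEFICIARIES:
        return None
    for known in KNOWN_BENEFICIARIES:
        if SequenceMatcher(None, key, known).ratio() >= threshold:
            return known
    return None

def screen_request(req: TransferRequest, baseline: SenderBaseline) -> List[str]:
    """Reasons a human reviewer should hold the request; empty list = release."""
    reasons = []
    hit = near_miss(req.beneficiary)
    if hit:
        reasons.append(f"beneficiary '{req.beneficiary}' is a near-miss for '{hit}'")
    elif normalize(req.beneficiary) not in KNOWN_BENEFICIARIES:
        reasons.append(f"beneficiary '{req.beneficiary}' is not on the approved list")
    # An authenticated sender is not exempt from amount and velocity limits.
    if req.amount_usd > baseline.typical_max_usd:
        reasons.append(f"amount {req.amount_usd:,.0f} exceeds baseline {baseline.typical_max_usd:,.0f}")
    baseline.requests_today += 1
    if baseline.requests_today > MAX_REQUESTS_PER_DAY:
        reasons.append(f"sender '{req.sender}' exceeded {MAX_REQUESTS_PER_DAY} requests today")
    return reasons
```

A request with no hold reasons is released; anything else goes to a reviewer, which is the control that happened to catch the misspelled beneficiary in this case.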
4) Standard network monitoring and oversight practices are as important as ever
In the case of this hack, it’s possible that Bangladesh Bank ignored standard networking best practices. Reuters reported that the bank not only had no firewalls in place but was also using inexpensive, secondhand switches. Many financial IT experts and law enforcement personnel noted that this incident would not have happened, or at least would not have happened so easily, if Bangladesh Bank had adhered to network security best practices on these two fronts.
“It could be difficult to hack if there was a firewall,” Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police’s criminal investigation department, told Reuters.
The Bangladesh Bank hack was unique both in scope and in how it was carried out, but it nevertheless provides all organizations with useful insights into how cybercriminals work today and what lengths they’ll go to in order to perpetrate an attack. With effective network monitoring and next-generation firewalls in place, businesses in all industries are in a much better position to sniff out fraud and protect sensitive data from hackers.