Hackers use access to Swift network to steal $10m from Ukraine bank
Hackers have used the Swift network to steal $10 million from an unnamed Ukrainian bank, according to an independent IT monitoring organisation that spoke to the Kyiv Post.
This latest incident is part of a spate of thefts when the banks’ access to the Swift network was used to execute them. Recently, investigators said they were looking at more potential computer breaches following three attacks – a $101 million cyber heist in Bangladesh – the biggest cyber heist in history; Vietnam’s Tien Phong Bank stopping an attempted wire fraud; and Ecuador’s Banco del Austro losing around $9 million.
The Kiev branch of ISACA, the Information Systems Audit and Control Association, says the theft occurred via the Swift network. There is an element of secrecy and doubt concerning the matter as ISACA was hired by a Ukrainian bank to investigate, which remains unnamed.
ISACA says: “At the current moment, dozens of banks (mostly in Ukraine and Russia) have been compromised, from which has been stolen hundreds of millions of dollars.”
The organisation says such hacks usually take months to complete. ISACA adds that the hackers “likely used publicly available information and tools to commit the theft” and the same hack had “likely spread to other banks in the Ukrainian financial system”.
Swift emphasises that its network had not been hacked in any way but was simply used as a way to execute the theft – something that would not have been possible had the banks’ environments not been compromised.
“Banks now are not sharing such information at all and are afraid of publicity,” says Aleksey Yankovsky, head of ISACA’s Kiev division.
The Kyiv Post adds: “Ukraine’s banking sector has also come under repeated criticism for a failure to implement Western-style security standards, as well as for a slew of other allegedly bad practices.”
No room for the weak
Prior to this incident in Ukraine; Bangko Sentral ng Pilipinas, the Philippine central bank, said it was strengthening its cyber security surveillance in light of the recent developments.
Swift also reacted to the incidents. CEO Gottfried Leibbrandt warned banks with inadequate cyber defences they could find themselves booted off its payment network.