26 October 2016
Hackers are believed to have installed malware in Bangladesh central bank's IT systems before pulling off a money transfer scam. Photo: Reuters
Hackers are believed to have installed malware in Bangladesh central bank's IT systems before pulling off a money transfer scam. Photo: Reuters

Bangladesh bank heist serves as further reminder on cyber risks

The hacker attack that resulted in the theft of US$80 million from the Bangladesh Central Bank (BCB) is the latest example of how the financial industry is being rocked by cyber-criminals.

Businesses are continuously failing in dealing with attackers that exploit both human fallacies and network vulnerabilities to cause damage and reap financial gains.

While the full impact of the Bangladesh attack (the cyber-thieves intended to steal as much as US$1 billion!) was avoided due to a mistake made by the attackers, relying on poor spelling should not be a security policy.

This most recent financial attack – believed to have been one of the largest bank heists ever – is similar in nature to the Carbanak hacking group that allegedly stole more than US$1 billion from financial institutions in 2015.

The common denominator in both cases is that the attackers got inside the network and proceeded to hijack the powerful privileged credentials to gain the highest level of insider access.

With this level of access, cyber-attackers can reside inside of the banking network without detection to conduct the espionage needed to carry out their attacks. Once inside, cyber criminals sit and study employee behavior and banking procedures to steal money in the most expeditious way possible.

With Carbanak, it was through fraudulent ATM, cash transactions and money transfers. In the case of the BCB, it came in the form of a series of transfer requests across the global banking system.

It is clear that there are multiple privileged accounts involved in such attacks. They include both the accounts of system administrators and application accounts that would enable an attacker to operate inside the network, but also the accounts of those bank officials who have the permissions to initiate such high-volume transfers.

Attackers look for the credentials that would enable them to reach their goals, which change and evolve in the course of attackers’ activity in the network.

Failure to secure these powerful credentials and monitor their activity exposes the network to a whole range of attacks and prevents any chance of successful mitigation.

If the Bangladesh Bank had been monitoring the activity of these accounts, it could have quickly identified the anomalous behavior and not have been completely reliant on the Federal Reserve Bank of New York, Deutsche Bank, or any other third party to flag suspicious activity.

We can expect attacks of this nature to become more aggressive and cyber-attackers in general to become bolder and more audacious, going after bigger targets for greater sums. Financial institutions must take the steps necessary to prevent attackers from using their own internal credentials against them to operate inside the network and achieve their nefarious goals.

Employing multi-factor authentication, controlling and monitoring the use of privileged accounts, detecting potentially malicious behavior and quickly responding to alerts should be at the core of security practices employed by organizations to mitigate such attacks.

– Contact us at [email protected]


Senior Director of Cyber Innovation, CyberArk Labs

EJI Weekly Newsletter