Security Glitch Nets $81 Million in Bangladesh Bank Cyber-heist
According to a report by Security Week, a faulty printer and software glitch allowed a Central Bank of Bangladesh cyber-heist in February that netted nearly $81 million in bank transfers from foreign currency reserve accounts connected to the Federal Reserve Bank of New York. The theft dubbed the largest cyber-heist in history, led to the resignation of Bangladesh Central Bank governor Atiur Rahman and several other high ranking officials.
What Was Compromised?
A printer and software problem prevented a printer from halting millions of dollars in unauthorized transactions along the SWIFT interbank messaging system. Instead the printer processed 46 payment requests on a day the Bangladesh bank was closed. Prior to the theft, the remote terminal for the SWIFT messaging system was reportedly left logged on. This created a hole that allowed hackers to access bank servers and introduce a Remote Access Trojan (RAT) to control the bank’s computer. From there, they obtained real bank codes to authorize bank transfers along the SWIFT system.
If hackers had not misspelled a depositor’s name, another $20 million would have been stolen. According to recent reports, the printer and software glitch caused a four day delay in reporting the heist. The printer was not fixed until two days after the security breach, exactly one day after the Federal Reserve Bank of New York sent queries on four of the transactions. By that time the stolen money had been funneled to Philippine casinos where it was laundered by thieves.
What is the Cost of The Data Breach?
The bank cyber heist could have been much worse. According to Hacked.com, criminals originally targeted $951 million in bank transfers, but were blocked. Besides the $81 million, the cybersecurity hack has derailed confidence in Bangladeshi’s banking system now labelled as “incompetent.” Bangladeshi’s foreign exchange reserves are worth more than $27 billion.
According to reports, Bangladesh Bank officials first discovered the central bank’s computer systems inoperative on February 5, one day after the theft but failed to inform their supervisors. In news reports Bangladesh Bank officials admit their protection system “has some flaws.” A forensic team led by CEO of World Informatix, a cybersecurity company in Virginia and FireEye, Inc. are investigating the heist.
Cyber-attacks like these are more than embarrassing. They cost banks worldwide billions of dollars according to the U.S. Congressional Research Service. The problem is the majority of these are an easy fix and completely preventable.
Next Generation Secure Access Solutions Reduce Risks of Data Breaches
Many organizations have only rudimentary access controls in place and rely too heavily on passwords to protect sensitive information. Given the frequency of major data breaches and the increasing sophistication of hacking methods, it is important to ensure that only authorized users, connecting from properly secured and authorized devices, can access sensitive information. Organizations of all stripes must evolve their security strategy toward next generation secure access solutions and away from antiquated perimeter and password based security models.
How Secure is Your Network?
Pulse Secure's mission is to enable open, integrated enterprise system solutions that empower business productivity through seamless mobility and security. Enterprises from every vertical and of all sizes utilize the company's virtual private network (VPN), network access control (NAC) and mobile security products to enable end user mobility securely and seamlessly in their organizations.
Data breaches are getting more sophisticated. Can your business withstand the cost of a massive data breach?