The Bangladeshi group that used malware to steal almost $82 million from the Bangladesh central bank has struck again, this time targeting a different commercial bank. Though official details, including the identity of the affected bank and whether anything was stolen, have not been released, a forensic examination has revealed suggestive similarities with the prior attack, such as the use of the bank’s fund transfer system to bypass the bank’s frontline security.
Financial messaging service Swift does not believe this attack is the end of the group’s ambitions, either. A spokesperson for the company said in a statement that “Forensic experts believe this new discovery evidences that the malware used in the earlier reported customer incident was not a single occurrence, but part of a wider and highly adaptive campaign targeting banks.” Swift declined to comment any further on the matter.
Matthias Maier, security evangelist at Splunk, told SC Magazine in a statement that this attack should serve as a wake-up call, that he believes the attackers have intimate knowledge of Swift’s software, and that “Basic system monitoring at the bank would have stopped this at the server endpoint by tracking system changes in real time, triggering alerts to analysts.”