Cyber Theft Interrupted: Vietnam Bank Foils SWIFT Attack

Vietnam's Tien Phong Bank said that it interrupted an attempted cyber heist that involved the use of fraudulent SWIFT messages, the same technique at the heart of February's massive theft from the Bangladesh central bank.

Hanoi-based TPBank said in a recent statement, issued in response to inquiries from Reuters, that in the fourth quarter of last year it identified suspicious requests, made through fraudulent SWIFT messages, to transfer more than 1 million euros ($1.1 million) of funds.

TPBank said it caught the attempt quickly enough to halt movement of funds to criminals by immediately contacting involved parties. The attack "did not cause any losses. It had no impact on the SWIFT system in particular and the transaction system between the bank and customers in general," the bank's statement said.

The bank said the transfers were made using infrastructure of an outside vendor hired to connect it to the SWIFT bank messaging system. Its statement did not name the service provider, though it said TPBank has discontinued working with that vendor and switched to using a new system that offers a higher level of security and enables it to connect directly with SWIFT.

SWIFT, the backbone of global financial transactions, declined comment on TPBank's claims. Recently, it had said an unnamed commercial bank was targeted by a malware attack similar to the one at Bangladesh Bank.

TPBank did not immediately respond to requests from Reuters to elaborate on its statement. Representatives with Vietnam's central bank also did not immediately respond to requests for comment. It was not immediately clear when SWIFT was made aware of the attempted cyber heist at TPBank and whether it took any action to prevent similar attacks or warned other clients.

In February, in one of the world's biggest ever cyber-heists, hackers tried to steal nearly $1 billion from Bangladesh Bank's account at the New York Federal Reserve using fraudulent transfer messages on the SWIFT system.

Most of the orders were blocked, but $81 million was transferred to bank accounts in the Philippines. The money was moved to casinos and casino agents, and most of it remains missing.

TPBank said that the attack might have been facilitated using malware installed on a software application used by the third-party vendor. It noted that SWIFT had recently issued a warning about malware used in schemes involving fraudulent transfers ordered over the SWIFT network. Recently, the Brussels-based messaging service notified all of its customers that it was aware of a "small number" of cases of fraud at its customers. It said that malware was used to target a PDF reader used by customers to review statements summarizing transfers made over SWIFT. It was not immediately clear whether TPBank's description referred to the PDF malware.

Cybersecurity firm BAE Systems said malware was used to target a Vietnamese commercial bank using fraudulent messages on the SWIFT network. The malware operated in a similar way to that used by hackers in the Bangladesh cyber heist. BAE did not name the Vietnamese bank.

TPBank said the servers of the third-party vendor were based overseas, but did not say where. It said the vendor had used a software application that SWIFT had told the bank may have been subject to the malware assault. TPBank, founded in 2008 by Vietnam's top technology firm FPT Corp., is considered one of Vietnam's most modern and technologically savvy banks. Just last week it received the "Best Internet Banking" prize from The Asian Banker.

TPBank's major shareholders include Doji, a local gold and jewelry firm; state-run Vietnam National Reinsurance Corporation; and Singapore-based SBI Ven Holding Pte Ltd, a unit of Japanese financial services conglomerate SBI Holdings Inc. FPT has divested most of its shareholdings and now has a 9 percent stake in TPBank.

After BAE Systems said a Vietnamese bank had been targeted, TPBank, when contacted by Reuters, initially denied it had been the subject of an attack, saying it "did not have any problems."

Reuters
