Hackers Steal $10m From Ukrainian Bank

Uploaded on 2016-07-05 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Hackers have stolen $10 million from an unnamed Ukrainian bank, according to an independent IT monitoring organization.

The Kyiv branch of ISACA, the Information Systems Audit and Control Association, reported this week that the theft had occurred via the SWIFT international banking system, the organization responsible for managing money transfers between financial institutions worldwide.

ISACA announced the theft after being hired by a Ukrainian bank to investigate. It did not name which bank had hired it to conduct the investigation.

“At the current moment, dozens of banks (mostly in Ukraine and Russia) have been compromised, from which has been stolen hundreds of millions of dollars,” ISACA said in a release.
The organization said that such hacks usually take months to complete. After breaking into a financial institution’s internal networks, hackers will take time to study the bank’s internal processes and controls. Then, using the knowledge and access they have gathered, the hackers will begin to submit fraudulent money orders to webs of offshore companies, allowing them to siphon off millions of dollars.

ISACA said that the hackers likely used publicly available information and tools to commit the theft. The organization also added that the same hack had likely spread to other banks in the Ukrainian financial system.

“Banks now are not sharing such information at all and are afraid of publicity,” said Aleksey Yankovsky, head of ISACA’s Kyiv division.

The announcement follows months of controversy surrounding the security of SWIFT. In February, hackers managed to steal more than $100 million from the Bangladesh Central Bank’s account in the New York Federal Reserve through an attack made via the SWIFT network. That incident led to calls for renewed attention to the system’s safety, as well as criminal investigations by Bangladesh, the Philippines, and the United States.

Ukraine’s banking sector has also come under repeated criticism for a failure to implement Western-style security standards, as well as for a slew of other allegedly bad practices.

Kviv Post

« US & Israel Agree To Co-operate In Cyber Defense
IBM Computer To ‘Help’ Accountants »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Lacuna Talent

Lacuna Talent

Lacuna Talent delivers the combined power of Via Resource, the international Cyber Security recruiter, and Lacuna Talent, the Specialist AI/Data recruiter.

SOTI

SOTI

SOTI is an industry leader in Enterprise Mobility Management (EMM).

SERMA Safety & Security (S3)

SERMA Safety & Security (S3)

SERMA Safety & Security provides a comprehensive cybersecurity offering incorporating Expertise, Evaluation, Consultancy and Training, covering hardware, software and information systems.

Nexusguard

Nexusguard

Nexusguard is at the forefront of the fight against malicious Internet attacks, protecting organizations worldwide from threats to their websites, services, and reputations.

CryptoTec

CryptoTec

CryptoTec is a provider of security concepts and encryption solutions for secure communication between decentralized computerized systems.

Network Box

Network Box

Network Box is one of the world's leading Managed Security Service Providers.

Fujitsu

Fujitsu

Fujitsu is the leading Japanese global information and communication technology company, offering a full range of products, solutions and services including Managed IT Services and Cyber Security.

Certis

Certis

Certis is a leading advanced integrated security organisation that develops and delivers multi-disciplinary security and integrated services.

RiskRecon

RiskRecon

RiskRecon makes it easy to gain deep, risk contextualized insight into the cybersecurity risk performance of all of your third parties.

Council to Secure the Digital Economy (CSDE)

Council to Secure the Digital Economy (CSDE)

CSDE brings together companies from across the ICT sector to combat increasingly sophisticated and emerging cyber threats through collaborative actions.

ThreatSwitch

ThreatSwitch

ThreatSwitch a software platform for cleared federal contractors to get and stay compliant with NISPOM and Conforming Change 2.

Deepwatch

Deepwatch

deepwatch’s cloud SecOps platform and relentless customer focus are redefining the managed security services industry.

Recon InfoSec

Recon InfoSec

The Recon InfoSec team includes analysts, architects, engineers, intrusion specialists, penetration testers, and operations experts.

Ignite Cyber

Ignite Cyber

IGNITE Cyber is focused on enabling secure technology adoption through intelligent business decisions. We are focused on providing a secure and stable business environment for everyone.

Radiant Security

Radiant Security

Radiant Security offers an AI-powered security co-pilot for Security Operations Centers (SOCs). Reinforce your SOC with an AI assistant.

LevelBlue

LevelBlue

LevelBlue simplify cybersecurity through award-winning managed security services, experienced strategic consulting, threat intelligence and renowned research.