Cybercrime , Fraud Management & Cybercrime

Malaysia's Central Bank Blocks Attempted SWIFT Fraud

Following the Unauthorized Transfer Attempt, Philippines Alerts Its Banks
Malaysia's Central Bank Blocks Attempted SWIFT Fraud
Malaysia's central bank - Bank Negara Malaysia - in Kuala Lumpur (Photo: Kaihsu Tai, via Creative Commons)

Malaysia's central bank says it detected and successfully blocked a Tuesday attack that attempted to steal funds via fraudulent SWIFT interbank money-moving messages.

"All unauthorized transactions were stopped through prompt action in strong collaboration with SWIFT, other central banks and financial institutions," the country's Kuala Lumpur-based central bank, Bank Negara Malaysia, says in a statement.

Brussels-based SWIFT is a global, member-owned cooperative that provides secure financial messaging services used by more than 11,000 financial institutions in more than 200 countries and territories around the world. SWIFT has been on the information security defensive since February 2016, when attackers stole $81 million from the central bank of Bangladesh's account at the New York Federal Reserve via fraudulent SWIFT messages, very nearly making off with $1 billion (see Security Investments Consume SWIFT's Profits).

The Bangladesh government has only been able to recover $15 million of the missing $81 million, Reuters reports.

The Bangladesh Bank heist has been widely attributed to the government of North Korea (see Report: DOJ Sees Bangladesh Heist Tie to North Korea).

Attack Against BNM Blocked Outright

Malaysia's central bank, which supervises 45 commercial banks in the country, says that risk controls and other defenses successfully blocked the attack. "The bank did not experience any financial loss in this incident," it says. "There was also no disruption to other payment and settlement systems that the bank operates," which it says "remained unaffected and continue to operate normally."

The central bank adds that it is "conducting a comprehensive investigation in collaboration with local and international law enforcement agencies on this incident" and that it remains "on high alert" for any repeat attacks.

The bank has not identified a potential culprit behind the attack. Officials could not be immediately reached for comment about how much money attackers attempted to steal.

Repeat SWIFT Fraud Attempts

Attackers have continued to target banks via fraudulent SWIFT messages. In February, Russia's central bank revealed that last year, one Russian bank lost $6 million to just such an attack. Moscow-based cybersecurity firm Group-IB says the attack was launched by the Carbanak - aka Anunak, Cobalt - gang (see Spain Busts Alleged Kingpin Behind Prolific Malware).

Another recent victim was a small Indian bank that lost $1 million to attackers in February.

Last October, Far Eastern International Bank in Taiwan reported a $60 million theft via fraudulent SWIFT messages, but said that it had been able to recover all but $500,000.

Philippines Alerts Banks

Bank Negara Malaysia's warning that it was targeted in a Tuesday attack led to a Wednesday warning from the Philippine central bank to the banks it supervises.

"We issued a general alert reminder as soon as we got BNM advisory to be extra careful over the long holiday. Although banks already do that as SOP [standard operating procedure]," Nestor Espenilla, governor of the country's central bank - Bangko Sentral ng Pilipinas - told Reuters on Saturday.

Espenilla said the alert was not issued in response to any attack against the Philippines, but rather out of an abundance of caution. "Information sharing is part of enhanced defensive protocols against cybercrime," he told Reuters.

In August 2016, the central bank of the Philippines, after concluding its own investigation into the Bangladesh Bank heist, slammed the country's Rizal Commercial Banking Corp. - RCBC - with a record $21.3 million fine for allowing hackers to move the stolen money via the bank (see Bangladesh Bank Heist Probe Finds 'Negligent' Insiders).


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ca-security.inforisktoday.com, you agree to our use of cookies.