Researchers believe that malware installed within the Bangladesh Bank’s computer systems allowed cyberattackers to learn how to withdraw and take off with $80 million from the institutes’ Federal Reserve bank account.
This month, reports emerged of a group of unknown hackers launching a fraudulent scheme against the central bank of Bangladesh and the Federal Reserve Bank, based in New York.
As reported by Reuters, a group of cybercriminals were able to steal a total of $80 million from the Federal Reserve’s Bangladesh account — used for international settlements — through a series of rapid and large transactions made to entities across Asia.
It is believed that some type of malware infected the Bangladesh central bank’s computer systems weeks prior to the heist, which took place between 4 – 5 Feb this year.
This malware, although not identified, likely contained surveillance functions which allowed the group to watch and learn how money was processed, sent and received, pointing to a potential remote access Trojan (RAT) or a similar form of spyware.
Investigators have also mentioned the possibility of a zero-day vulnerability. As zero-day exploits are unknown to vendors and, therefore unpatched, if this is the case, the bank would have had no defence against such an attack.
Officials believe that after this crash course in the bank’s processes, the group worked out how to withdraw funds from the bank’s US counterpart without obstacle by using stolen credentials for SWIFT, a financial messaging system used by banks worldwide.
Almost three dozen payment requests were sent to the Federal Reserve in quick succession, with funds being sent to bodies in the Philippines and Sri Lanka before the unusual activity was noticed and US officials contacted their Bangladeshi counterparts.
The attackers, while possessing an understanding of the banking system, made a simple mistake which cost them $20 million in stolen funds.
A $20 million online transfer request was made out to a fake Sri Lankan non-profit organisation called Shalika Foundation. However, as the cybercriminals misspelled “foundation,” the transfer was held up — leading to a request for clarification from a routing bank, Deutsche Bank.
The transaction was then blocked alongside other transfer requests waiting in the queue.
If this typographical error had not been spotted, the attackers may have been able to complete the remaining transactions, which would have totalled almost $1 billion in stolen cash.
Cyberforensics firm FireEye’s Mandiant team is working with investigators and the banks in question to find out how the cyberattackers managed to conduct the theft.
The Bangladesh Bank said weaknesses have been identified in its systems, and it could take years to shore up the financial institution’s defences. The Federal bank has denied any system compromise.
Either way, investigators are still on the hunt for the stolen funds and the group behind the cyberattack.