
Hackers used SWIFT-based attacks to steal millions from banks

News roundup: Hackers once again used SWIFT-based attacks to steal millions from Russian and Indian banks. Plus, hackers used an L.A. Times website for cryptojacking, and more.

The Society for Worldwide Interbank Financial Telecommunication's bank messaging system has become a target of cybercriminals, as two more SWIFT-based attacks, which stole millions of dollars from banks in Russia and India, have come to light.

SWIFT, a nonprofit international cooperative, operates a messaging system for banks to communicate financial transactions. In an attack last year, Russia's central bank had 339.5 million rubles -- approximately $6 million -- stolen by unknown hackers, according to a report from Reuters published last week. In a general report on cyberattacks, the Russian central bank said the hackers used the SWIFT messaging system to steal the money.

According to Reuters, the hackers took control of a computer at a Russian bank and used SWIFT to transfer money into their own accounts. The name of the specific bank that was targeted has not been disclosed.

In a separate attack, hackers attempted three SWIFT-based attacks on the City Union Bank in India earlier this month. City Union Bank issued a statement this week that said it found three fraudulent transactions that used the SWIFT system during its reconciliation process on Feb. 7, 2018.

The first transfer of $500,000 was through a Standard Chartered Bank account in New York to a bank in Dubai. This transfer was blocked and the money was recovered. The second transfer of approximately $372,000 was made through a Standard Chartered Bank account in Frankfurt, Germany, to a bank in Turkey. This transaction was also blocked, and City Union Bank said it is taking steps to recover this amount as well.

However, the third transfer was successful. Hackers made a transfer of $1 million through Bank of America in New York to a bank based in China. The City Union Bank report said these funds were claimed by someone using forged documents.

These SWIFT-based attacks were "initiated by international cyber criminals," according to City Union Bank, and "there is no evidence of internal staff involvement."

SWIFT-based attacks are not a new threat. In February 2016, hackers were able to steal $81 million from the account of the central bank of Bangladesh at the Federal Reserve Bank of New York. During the investigation into this theft, several others were uncovered.

SWIFT was criticized for its slow response to the attacks, initially saying that SWIFT users are responsible for maintaining their own security and preventing hackers from misusing the messaging system. The organization then proposed a general plan for improving cybersecurity and later partnered with BAE Systems and Fox-IT to create a cyberintelligence team to investigate security incidents. SWIFT has also said that its messaging system has never been directly compromised by threat actors.

In other news

  • Matthew Masterson, the chairman of the U.S. Election Assistance Commission, has been removed from his position by Republican House of Representatives Speaker Paul Ryan. Reuters reported yesterday that Masterson has been passed over for a second term with the commission. The Election Assistance Commission was formed after the controversial 2000 U.S. presidential election. It is responsible for maintaining guidelines -- including cybersecurity standards -- for voting systems that states use when they get new voting machines. Masterson has pushed for better cybersecurity in election systems, particularly following the 2017 presidential election, which was targeted by Russian hackers. Ryan and the White House will appoint a new chairman to replace Masterson.
  • A Los Angeles Times website has been mining crypto coins with users' web browsers and computers for the past two weeks. Security researcher Troy Mursch discovered at least one AWS Simple Storage Service (S3) bucket used by the newspaper was misconfigured and exposed to the public. As a result, hackers inserted Coinhive's Monero-mining JavaScript code into the L.A. Times' interactive county homicide map, which hijacked visitors' web browsers and used them to mine crypto coins. Only visitors with antivirus protection that specifically blocks the Coinhive code aren't susceptible to the cryptojacking. Security researchers had also noticed the exposed S3 bucket and tried to warn the newspaper, but hackers got there first. This is the latest in a long series of accidental AWS S3 bucket exposures to the public.
  • In its latest attempt to mitigate the Meltdown and Spectre vulnerabilities, Intel has made firmware updates available for its 6th, 7th and 8th Generation Intel Core processors and its Intel Core X-series processors. "The new microcode will be made available in most cases through OEM firmware updates," said Navin Shenoy, executive vice president and general manager of the data center group at Intel. "I continue to encourage people to always keep their systems up-to-date. There is also a comprehensive schedule and current status for planned microcode updates available online." The updates are in response to "the security exploits disclosed by Google Project Zero," according to the Intel announcement. While Intel didn't give specifics, it's understood that these firmware updates are in response to the Meltdown and Spectre vulnerabilities. Meltdown and Spectre are flaws in Intel, AMD and ARM chips and have existed for over 20 years. Intel has struggled with mitigating the vulnerabilities, releasing at least one failed patch that led to excessive rebooting in newer Intel CPU architectures.
