SWIFT Security Concerns Resurface

save
Share and earn Cybytes
Facebook Twitter LinkedIn Email

The Bangladesh Bank heist has resurfaced as reports around a potential perpetrator make headlines. The recent focus may be on who and why, but lessons should be learned from what happened – it’s important to recognize common attack patterns and understand the role of privileged accounts.

As a recap: last year, cyber criminals embezzled money from the Bangladesh Central Bank. Using stolen privileged credentials, they moved laterally throughout the environment until they reached SWIFT, a financial services co-op that provides a secure network through which banks can send and receive monetary transactions. Using these privileged credentials, the criminals ultimately ordered a total of 35 transactions worth $951 million through the SWIFTNet systems. From there, approximately $81 million was transferred before a spelling error raised suspicion that led to the discovery of the breach. (Watch a short video for a brief overview of the attack path.) This was a high profile attack, but this was not the only bank as noted in a Reuters article.

Lessons learned from the breach and how you can protect your organization:

  • SWIFT Vulnerabilities: Many industry experts have pointed out vulnerabilities in SWIFT, noting that the system has likely not seen its last “bank robbery.” In this CSO article, Lavi Lazarovitz, CyberArk Labs cyber research team leader, explains that attackers are “getting really good at gaining that all important initial foothold inside networks by using attacks such as spear phishing.” With that foothold, they can gain local administrator privileges using, for example, an exploited Acrobat Reader vulnerability; when a user simply opens a malicious PDF file, the file runs malicious code that in turn acquires those elevated privileges.
  • Best Practices to Shore up Privileged Account Security: The Bangladesh Bank attack is yet another example of how attackers covet, seek out and exploit privileged accounts to achieve their mission. While this attack had a serious outcome and required advanced planning, the attack methods used were not very sophisticated. In a post-mortem analysis of the attack, CyberArk security researcher Asaf Hecht outlines five best practices that would have likely mitigated the breach.
  • How Banks Mitigate Risk: The threat is real and present. Many major banks recognize this and have taken steps to prioritize privilege in the wake of this breach. This American Banker article describes how a $26.9 billion-asset bank uses CyberArk to lock down privileged accounts and monitor and analyze privilege account activity.

Want to learn more? Attend a webcast on March 28, 2017 at 2 pm ET. CyberArk Labs will address the cyber security lessons learned related to the heist. Register here.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
Follow
996 Followers
About CyberArk
CyberArk is the only security company that proactively stops the most advanced cyber threats – those that exploit insider privileges to attack the heart of the enterprise. The company has pioneered a new category of targeted security solutions to lock down privileged accounts and protect against cyber threats before attacks can escalate and do irreparable business damage. CyberArk is trusted by the world’s leading companies – including more than 40 of the Fortune 100 – to protect their highest value information assets, infrastructure and applications, while ensuring tight regulatory compliance and audit requirements.
Promoted Content
7 COMMON PRACTICES THAT MAKE YOUR ENTERPRISE VULNERABLE TO A CYBER ATTACK
Advanced cyber attacks involve compromised privileged accounts. Cyber attackers target them because they represent the keys to the IT kingdom. Effective enterprise security includes proactively protecting privileged accounts. Industry experts have identified practices that increase an organization’s vulnerability to a cyber attack. How many of these are common at your organization?

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel