A spate of bank heists perpetrated by cybercriminals, that have incurred tens of millions of dollars in losses, has heightened fears of the financial sector becoming an increasingly attractive target of cyberattacks, reported AFP
Banks in Bangladesh, the Philippines, Vietnam, and Ecuador have been hacked over the past year on the global interbank service SWIFT, and some analysts expect more attacks to become public, said the report.
After news broke out of a spectacular US$81 million Bangladesh bank heist, SWIFT said the incident was “not a single occurrence, but part of a wider and highly adaptive campaign targeting banks.”
"Cyber criminals are no longer targeting grandmothers at home for small amounts, but going directly where the money is," Juan Andres Guerrero-Saade, a researcher with security firm Kaspersky, told AFP
Guerrero-Saade said it’s not clear where the attacks are launched, but that the hackers are using techniques similar to those developed for cyber espionage.
"I don't think this implies it's nation-states, it's more of an evolution. It's criminal actors taking on some of those techniques," said the analyst.
Kaspersky researchers have discovered last year a hacker group which targeted banks in Eastern Europe, estimating total losses up to $1 billion.
Dan Guido, cofounder of security group Trails of Bits and resident hacker at New York University’s engineering school, said recent security breaches are not surprising; and that a relatively small team of determined hackers can carry out the kind of hacks that went through SWIFT or the Brussels-based Society for Worldwide Interbank Financial Telecommunication.
In the United States, officials, industry leaders, and lawmakers have raised concerns about the potential threats hackers pose to banks.
Senator Tom Carper asked the Department of Homeland Security for a briefing for an investigation into the vulnerabilities of the US financial system.
The American Bankers Association and other financial and security organisations, on the other hand, have issued a warning that called for new controls and safeguards against cyberattacks:
"While recent events targeted national financial institutions with access to a global payment network, financial institutions should assess the risk of all critical systems to ensure appropriate controls are in place."
Guerrero-Saade said that to stay ahead of hackers and to enable security solutions, it is critical that companies share information about threats.
"Sadly most companies don't tend to be very forward looking, they think that if they don't sound the bell themselves no one will find out," he said.
"It's much better for us to get ahead of this as an international community."
Russian banks lose millions to cyberattacks
Financial institutions face growing hacking and malware threat