Hackers Try Smaller Heists
In the three years since the massive cyberattack on the Bangladeshi account with the U.S. Federal Reserve, the size of such attempted crimes has shrunk.
Three years after hackers managed to siphon off more than $100 million from the Bangladeshi central bank’s account in the U.S. Federal Reserve, cybercriminals are going smaller.
In 2018, attempted fraudulent transactions ranged from $250,000 and $2 million, down from tens of millions of dollars in the previous two years, interbank messaging system SWIFT said in a report Wednesday. Almost all fraudulent transactions—83 percent—were sent to banks in the Asia-Pacific region, while the targeted lenders were mostly located in countries rated highly corrupt by international regulators, SWIFT said. Tajikistan, Mozambique, and Afghanistan topped those rankings in 2018.
“The higher the value of the instruction, the higher the risk of triggering fraud-detection systems,” SWIFT said in the study. “Since the cyber incident in Bangladesh, the amounts sent in individual fraudulent transactions has evolved, making them harder to detect.”
See also:
- Partners in Cybercrime Fighting
- Steeling Treasury Against Cyberthreats
- Preventing the Next SWIFT Hack
SWIFT, which has more than 11,000 members globally, introduced a set of cybersecurity measures after the electronic heists of 2016 with targets that included the central bank of Bangladesh. It’s also provided new services that member banks can use to catch anomalies in their wire-transfer orders.
As the attempted transfer amounts fell, hackers also started sending their fraudulent orders during business hours, hoping they’d blend in with legitimate SWIFT messages. In the past, such orders were typically sent during holidays or outside regular hours to bypass human detection, SWIFT said. It didn’t disclose the total amount cybercriminals tried to steal through fraudulent messages last year or what percentage of attempts were successful.
Copyright 2019 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.