It has been reported that Bangladesh’s central bank has been targeted by a group of cybercriminals who have used forged credentials to make illegitimate cash transfers. It’s believed that $80m was stolen – making it one of the largest known bank robberies in history – although if requests hadn’t gone unchallenged the bank could have seen losses of $1bn. The attack happened about a month ago and Bangladesh’s government is said to have blamed the New York Federal Reserve Bank for not spotting the suspicious transactions earlier. While it did alert Bangladesh to the unusual amount of transaction requests, it confirmed that its own system had not been breached.
“With $80m stolen from Bangladesh’s central bank, this latest security breach is likely to send shockwaves around the world’s financial institutions. It’s also worrying that Bangladesh’s central bank is passing blame when, as a financial institution holding vast amounts of funds, it needs to take responsibility for its own security posture.
“Most importantly it shows how critical it is to protect corporate credentials. Those with powerful access rights within an organisation are an easy target for hackers and, if compromised, this can have a devastating impact on any company – financially and in terms of reputation. Spelling mistakes and an unusual amount of activity are tell-tale signs that something untoward is going on and it begs the question whether these were the first slip ups of the cyber criminals.
“The financial services industry is one of the most regulated in the world, but that doesn’t mean it can’t be attacked by cybercriminals. This latest hack is a clear reminder that compliance and adhering to banking regulations isn’t enough. Multi-layer security needs to be implemented, regularly updated and sophisticated monitoring solutions need to be in place to flag and – if necessary – quarantine suspicious behaviour. At least the Federal Reserve Bank of New York’s provisions seemed to have saved the full £1bn from being stolen.”