Cyber criminals have exploited a vulnerability in a software for reading PDF files used by banks for bank statements.
Cyber criminals have cracked for the second time the interbank system SWIFT (Society for Worldwide Interbank Financial Telecommunication), the main system for the exchange of global financial transactions.
THE ATTACK – Hackers have exploited a vulnerability in a software for reading files in PDF used by banks for bank statements. Through this software, the “cracker” have managed to bypass the control systems and to begin the process of transfer of funds. All this after having fraudulently obtained credentials of bank operators. Subsequently, they found the best method to tamper with all the confirmation parameters that banks use for secondary controls.
The new attack has caught everyone a little bit by surprise: after the theft of $ 81 million to the Central Bank of Bangladesh, a Swift spokesman, Natasha Deteran, explained that the company had already released a software update that can block the malware. At the same time, the Belgian company had sent a communication to the banks with instructions to monitor in the better way the situation and to take action in a timely manner. Solutions which, apparently, hadn’t the desired effect.
WHAT IS SWIFT – In Italy, SWIFT is one of two operators of telematic infrastructures under the “System for the electronic transmission of data” (the so-called National Interbank Network) and globally is used by more than 9,000 operators in more than 200 nations to move hundreds of billions of dollars every day.
In theory the system is super safe: to ensure safety, the central banks have adopted a “cooperative” surveillance model, which gives to the National Bank of Belgium the coordinating role. For this it is suspected that the hackers had the help of some insider. Or maybe the Frankenstein monster has woken up.
Source: Qui Finanza