Cyber Theft Interrupted: Vietnam Bank Foils SWIFT Attack

Uploaded on 2016-06-03 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Vietnam's Tien Phong Bank said that it interrupted an attempted cyber heist that involved the use of fraudulent SWIFT messages, the same technique at the heart of February's massive theft from the Bangladesh central bank.

Hanoi-based TPBank said in a statement recently in response to inquiries from Reuters that in the fourth quarter of last year it identified suspicious requests through fraudulent SWIFT messages to transfer more than 1 million euros ($1.1 millions) of funds.

TPBank said it caught the attempt quickly enough to halt movement of funds to criminals by immediately contacting involved parties. The attack "did not cause any losses. It had no impact on the SWIFT system in particular and the transaction system between the bank and customers in general," the bank's statement said.

The bank said the transfers were made using infrastructure of an outside vendor hired to connect it to the SWIFT bank messaging system. Its statement did not name the service provider, though it said TPBank has discontinued working with that vendor and switched to using a new system that offers a higher level of security and enables it to connect directly with SWIFT.

SWIFT, the backbone of global financial transactions, declined comment on TPBank's claims. Recently, it had said an unnamed commercial bank was targeted by a malware attack similar to the one at Bangladesh Bank.

TPBank did not immediately respond to requests from Reuters to elaborate on its statement. Representatives with Vietnam's central bank also did not immediately respond to requests for comment. It was not immediately clear when SWIFT was made aware of the attempted cyber heist at TPBank and whether it took any action to prevent similar attacks or warned other clients.

In February, in one of the world's biggest ever cyber-heists, hackers tried to steal nearly $1 billion from Bangladesh Bank's account at the New York Federal Reserve using fraudulent transfer messages on the SWIFT system.

Most of the orders were blocked but $81 million was transferred to bank accounts in the Philippines. The money was moved to casinos and casino agents and most remain missing.

TPBank said that the attack might have been facilitated using malware installed on a software application used by the third-party vendor. It noted that SWIFT had recently issued a warning about malware used in schemes involving fraudulent transfers ordered over the SWIFT network. Recently, the Brussels-based messaging service sent a warning to all of its customers warning that it was aware of a "small number" of cases of fraud at its customers. It said that malware was used to target a PDF reader used by customers to review statements summarizing transfers made over SWIFT. It was not immediately clear whether TPBank's description referred to the PDF malware.

Cybersecurity firm BAE Systems said malware was used to target a Vietnamese commercial bank using fraudulent messages on the SWIFT network. The malware operated in a similar way to that used by hackers in the Bangladesh cyber heist. BAE did not name the Vietnamese Bank.

TPBank said the servers of the third-party vendor were based overseas, but did not say where. It said the vendor had used a software application that SWIFT had told the bank may have been subject to the malware assault. TPBank, founded in 2008 by Vietnam's top technology firm FPT Corp. considered one of Vietnam's most modern and technologically savvy banks. Just last week it was received the "Best Internet Banking" prize from The Asian Banker.

TPBank's major shareholders include Doji, a local gold and jewelry firm, state-run Vietnam National Reinsurance Corporation  and Singapore-based SBI Ven Holding Pte Ltd, a unit of Japanese financial services conglomerate SBI Holdings Inc  FPT has divested most of its shareholdings and now has a 9 percent stake in TPBank.

After BAE systems said a Vietnamese bank had been targeted, TPBank, when contacted by Reuters, initially denied it had been subject of an attack, saying it "did not have any problems."

Reuters

« Over One Hundred Million LinkedIn Passwords Posted Online
Navigating The Cyber-Threat Landscape »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

KPMG

KPMG

KPMG s a leading provider of professional services including information technology and cyber security consulting.

CW Jobs

CW Jobs

CWJobs.co.uk is a leading specialist IT recruitment website covering all areas of IT including Cyber Security.

Telesoft Technologies

Telesoft Technologies

Telesoft Technologies is a global provider of cyber security, telecom and government infrastructure products and services.

TitanHQ

TitanHQ

TitanHQ offers ultimate protection from internet based threats and powerful Web filtering functionalities to SMBs, Service Providers and Education sectors around the World.

GreyCortex

GreyCortex

GreyCortex uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

Passbase

Passbase

Passbase is building a full-stack identity verification engine backed by verified government documents.

Stefanini Group

Stefanini Group

Stefanini is a global IT services company providing a broad range of solutions for digital transformation including automation, cloud, IoT and cybersecurity.

Mainstream Technologies

Mainstream Technologies

Mainstream Technologies is an information technology services firm specializing in custom software development, managed IT services, cybersecurity services and hosting.

Start Left® Security

Start Left® Security

From Posture to Performance—The System That Improves How Software Gets Built.

Auvik Networks

Auvik Networks

Auvik is easy-to-use cloud-based networking management and monitoring software - true network visibility and control without the hassle.

Abu Dhabi Gov Digital

Abu Dhabi Gov Digital

Gov Digital (formerly Abu Dhabi Digital Authority - ADDA) enable, support and deliver a digital government that is proactive, personalised, collaborative and secure.

Dawgen Global

Dawgen Global

Dawgen Global is an integrated multidisciplinary professional service firm in the Caribbean Region providing a range of services including Risk Management and Information Systems Assurance.

Halogen Group

Halogen Group

Halogen Group is the leading Security Solutions Provider in West Africa. Services encompass Physical Security, Electronic Security, Virtual & Cyber Security, Risk Assessments and Training.

Kubus Hitam

Kubus Hitam

Kubus Hitam are a research-based company focused on cyber security. we strongly believe that innovation and safety are the two keywords for the future business market.

Cyber Proud

Cyber Proud

Cyber proud is leading a talent revolution to promote and create an inclusive skilled cyber workforce.

Gathid

Gathid

Gathid is a unique and versatile identity governance platform providing organizations with the ability to model, explore, audit, and track complex access-related scenarios.