Hackers Steal $10m From Ukrainian Bank

Uploaded on 2016-07-05 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Hackers have stolen $10 million from an unnamed Ukrainian bank, according to an independent IT monitoring organization.

The Kyiv branch of ISACA, the Information Systems Audit and Control Association, reported this week that the theft had occurred via the SWIFT international banking system, the organization responsible for managing money transfers between financial institutions worldwide.

ISACA announced the theft after being hired by a Ukrainian bank to investigate. It did not name which bank had hired it to conduct the investigation.

“At the current moment, dozens of banks (mostly in Ukraine and Russia) have been compromised, from which has been stolen hundreds of millions of dollars,” ISACA said in a release.
The organization said that such hacks usually take months to complete. After breaking into a financial institution’s internal networks, hackers will take time to study the bank’s internal processes and controls. Then, using the knowledge and access they have gathered, the hackers will begin to submit fraudulent money orders to webs of offshore companies, allowing them to siphon off millions of dollars.

ISACA said that the hackers likely used publicly available information and tools to commit the theft. The organization also added that the same hack had likely spread to other banks in the Ukrainian financial system.

“Banks now are not sharing such information at all and are afraid of publicity,” said Aleksey Yankovsky, head of ISACA’s Kyiv division.

The announcement follows months of controversy surrounding the security of SWIFT. In February, hackers managed to steal more than $100 million from the Bangladesh Central Bank’s account in the New York Federal Reserve through an attack made via the SWIFT network. That incident led to calls for renewed attention to the system’s safety, as well as criminal investigations by Bangladesh, the Philippines, and the United States.

Ukraine’s banking sector has also come under repeated criticism for a failure to implement Western-style security standards, as well as for a slew of other allegedly bad practices.

Kviv Post

« US & Israel Agree To Co-operate In Cyber Defense
IBM Computer To ‘Help’ Accountants »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Retail & Hospitality Information Sharing & Analysis Center (RH-ISAC)

Retail & Hospitality Information Sharing & Analysis Center (RH-ISAC)

Retail & Hospitality ISAC operates as a central hub for sharing sector-specific cyber security information and intelligence.

Redjack

Redjack

Redjack is a cutting-edge network analytics company focused on enterprise and ISP security and intelligence solutions.

ESNC

ESNC

ESNC’s vulnerability management and real-time SAP security monitoring solutions help largest corporations in the world to effectively prioritize SAP security tasks and secure their business.

Cyber Army Indonesia (CyberArmyID)

Cyber Army Indonesia (CyberArmyID)

Cyber Army Indonesia (CyberArmyID) is the first platform in Indonesia to collect and validate reports from hackers (referred to as Bug Hunter) regarding vulnerabilities that exist in an organization.

Slovak National Accreditation Service (SNAS)

Slovak National Accreditation Service (SNAS)

SNAS is the national accreditation body for Slovakia. The directory of members provides details of organisations offering certification services for ISO 27001.

MythX

MythX

MythX is the premier security analysis service for Ethereum smart contracts.

Sixgill

Sixgill

Sixgill, an IoT sensor platform company, builds the universal data service and smart process automation software allowing any organization to effectively govern its IoE assets.

Innosphere Ventures

Innosphere Ventures

Innosphere Ventures is Colorado’s leading science and technology incubator, accelerating the success of high-impact startup and scaleup companies.

Go Grow

Go Grow

Go Grow is a business oriented accelerator program at Copenhagen School of Entrepreneurship. Targeted technologies include IoT, AI and Cybersecurity.

Kasm Technologies

Kasm Technologies

Kasm Browser Isolation - Protect your organization from malware, ransomware and phishing by using zero-trust containerized browsers.

JaCIRT

JaCIRT

JaCIRT is the national Cyber Incident Response Team for Jamaica, established to deliver on the mandate outlined in the GoJ’s National Cyber Security Strategy.

AnaVation

AnaVation

AnaVation is a trusted partner delivering high-value, cost-effective solutions that solve the most complex technical and analytical problems for our customers.

Plante Moran

Plante Moran

Plante Moran is a leading audit, tax, consulting, and wealth management firm. Areas of consulting expertise include cybersecurity.

PreVeil

PreVeil

We started PreVeil to bring radically better security to ordinary business and personal communication and information storage.

Avint

Avint

Avint delivers transformational cybersecurity solutions that help both commercial and government entities achieve mission success.

Cybercentry

Cybercentry

Cybercentry is a specialist information security, data protection and cyber security consultancy.

Tausight

Tausight

Tausight is an AI-Powered patient data security startup with a mission of reducing healthcare cyber incidents using a more proactive, risk management philosophy.