With the Covid-19 pandemic pushing online banking and cashless transactions to unprecedented popularity, a security firm is asking the public to remember the lessons of the infamous Bangladesh Bank cyberheist.
In that improbable online robbery, a total of $81 million was siphoned from the Bangladesh central bank's account at the Federal Reserve Bank in New York and then illegally transferred to banks in the Philippines and Sri Lanka. The money sent to the Sri Lankan banks was recovered, but the funds wired to the Philippines were not.
Cybersecurity firm Kaspersky said the 2016 cyberheist should prompt business organizations to put up another layer of security to prevent an incident of that scale from happening again.
Kaspersky noted that in the cyberheist, a sophisticated cybercrime gang called Lazarus was able to compromise the bank’s network seven months prior to the day the bank’s own security team requested an incident response.
The Lazarus group was able to cast a wide net of attacks, culminating in the 2016 incident. Before the attack, the group had already undertaken exploits in several financial institutions, investment companies, and even crypto-based businesses across Indonesia, Malaysia, Thailand, Vietnam, and many others.
“More than four years after the world has witnessed one of the most successful cyber heists to date, it is essential for banks and related institutions in Southeast Asia to understand how they can leverage on threat intelligence to foil any sophisticated attempts against their systems,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.
Kaspersky said deploying a “threat intelligence” solution in an organization’s security information system can prevent any illegal activity from taking place. At the same time, the cybersecurity staff said employees must be subjected to regular security training sessions since “spear phishing” attacks remain prevalent and effective to this day.
“The past offers us warnings which we must heed to be able to build a safer today. This applies to the financial sector and all other organizations especially when it comes to cybersecurity,” Tiong said.
The executive said Kaspersky’s cybersecurity researchers have been monitoring the various hacker groups for many years now. The company then feeds this information into its software to allow its clients to raise their organization’s security level a step further.
“Through this intelligence, our solutions can detect the possible malware they may use suppose they try to get into a banking system. We can block them, analyze the malicious file, and alert the organization’s IT team on which tactics and techniques to look out for based on the group’s previous attack behavior, saving possible multi-million losses financially and professionally,” he said.