A year after the SWIFT international bank transfer system enhanced its security, another breach has emerged: an Indian bank has confirmed that criminals gained access to its systems and made transfers totalling US$1.8 million.
The Kumbakonam-based City Union Bank issued a statement [PDF] on Sunday February 18, in response to local media speculation that three unauthorised transactions were initiated by staff. In it, the bank says it suffered an attack by “international cyber-criminals and there is no evidence of internal staff involvement”.
The statement says the transactions took place on or before February 7, when its reconciliation processes identified the three fraudulent transactions.
A transfer of $500,000 through Standard Chartered to a Dubai bank was blocked at the source. That's good news, of a sort, because SWIFT launched a scanning service designed to spot fraudulent transactions in April 2017, as part of its response to the 2016 incident that saw a second-hand security kit used at Bangladesh Bank let attackers into the international funds transfer system. On that occasion, $81 million was transferred. The attackers tried to steal over $1bn, but were thwarted by a typo in one of their attempted transfers.
SWIFT later warned banks to tighten their security.
It remained a plum target, however, and in October 2017, a Taiwanese bank had $60 million pinched. Those funds were recovered, and the attackers arrested.
It appears that SWIFT's dodgy-deal-detectors worked for the transfer to Dubai. But a second made it to a Turkish bank and $1m is still missing after being transferred through a Bank of America account to a Chinese destination and withdrawn by an unknown beneficiary.
The Indian consulate in Istanbul is assisting with efforts to recover funds from the Turkish transfer.
City Union Bank added that its SWIFT system is back in operation with “adequate enhanced security”.
Just how the alleged criminals exploited the Bank's previous security regime has not been revealed, so it is unknown if SWIFT or Union Bank is the source of the problem.
What is clear is that attacks that allow access to authorised SWIFT users clearly remain temptingly lucrative. ®