Bank security looks even shakier as cybercriminals hit another big target

Swift says second bank breached following $80m Bangladesh attack

Bank safe

Global payments network Swift has said that a second bank has been hit by a cyber-attack, following the infamous pillaging of Bangladesh Bank to the tune of $81 million (around £55 million, or AU$110 million).

This time around the bank in question hasn't been named – at least not yet – and Swift also didn't reveal whether any cash had actually been pilfered, although the thieves certainly attempted to siphon large amounts of money away to their accounts.

However, the same tools and methods were broadly used as with the attack on the central bank of Bangladesh, and according to a BBC report the cybercriminals were in possession of a "deep and sophisticated knowledge of specific operational controls" of the bank that was hit.

That suggests insiders at the bank could have passed off info to the attackers, and that the intrusion perhaps wasn't just down to issues with dodgy security. Insiders gone bad are often an underestimated threat in any organisation.

Sorrowful switches

The hit on Bangladesh Bank was certainly facilitated by poor security, as the organisation used second-hand $10 switches to hook computers up with the Swift payment system, in contrast to more sophisticated switches which are far more expensive and can cost hundreds of dollars.

Better switches could have ensured that the Swift room at the Bangladesh central bank was walled off from the rest of the system, and what's more even basic security measures like a firewall weren't in place.

Other central banks in developing nations reportedly have similar security holes, and indeed Swift recently warned that the Bangladesh affair was likely to be the tip of the iceberg. That looks like it is indeed the case, and at the end of last month, Swift observed that it was aware of a number of attempts to hack into its messaging platform in order to use it for malicious ends.

More details may emerge on this second attack soon enough, and Swift has made it clear that we shouldn't be surprised to hear about further incidents along the same lines.

Article continues below