AlgoBuzz Blog

Everything you ever wanted to know about security policy management, and much more.


A Typo in Security: The Bangladesh Heist Revealed

This year we have already seen multiple security breaches make headline news, such as the Panama Papers breach we wrote about earlier this week and the Bangladesh heist covered below. Let's hope there aren't any more, but in the meantime, here is how you can help protect your organization against attacks like these by following our latest security tips and best practices.

In February, attackers gained access to Bangladesh Bank's systems and issued fraudulent transfer instructions over SWIFT for close to $1 billion. $81 million did go out, to accounts in the Philippines. A further $20 million, destined for a Sri Lankan non-profit named "Shalika Foundation", was held up when a routing bank queried the beneficiary name, and the remaining requests, roughly $850 million, were blocked. A large part of the credit goes to a single misspelled word.

The initial breach was a specially crafted malware program installed on Bangladesh Bank's central systems. It allowed the attackers to monitor day-to-day banking activity, which let them learn the bank's transfer procedures and flows.

To execute the final stage of the theft, the attackers used stolen employee credentials to gain direct access to the bank's secure financial transfer system (SWIFT). Fortunately for the bank, they misspelled "Foundation" as "Fandation" in the transfer order. So close, yet so far: the transfer was stopped and questioned, and from there the breach and the theft were uncovered.

Looking back at this incident, what could have been put in place to prevent, or at least detect, this breach?

Continuous Monitoring of your internal network (authentication, messaging, databases) as well as your perimeter (firewalls, applications, cloud).

Regular Baseline Checks for ALL SYSTEMS connected to your company. If a device passes traffic, it should have a baseline profile: how it performs, which applications are installed, which services are running, which ports are open, and so on. Compare today's profile against last week's: are there differences?

Separating/Segmenting Your Network is a very beneficial practice: it limits the impact of a compromise and narrows the scope of the forensic analysis that follows.

Regular Configuration Checks for ALL DEVICES that are connected and serving a function in your organization. This check focuses on the configuration files on the device only; it does not cover other variables such as running applications (which the baseline checks do).
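The baseline and configuration checks described above both come down to the same operation: take a snapshot of a host, keep the approved one, and report what differs today. The script below, an added example and not AlgoSec's code, does that for one host. It assumes a snapshot is a dict with installed packages (name to version), running services, listening ports and a SHA-256 hash per configuration file; the two snapshots, the host's services and the config contents are constructed sample data, not real collector output.

```python
"""Baseline and configuration drift check (added example, not AlgoSec's code).

A snapshot is assumed to be a dict with four keys: "packages" (name -> version),
"services" (set of running service names), "ports" (set of listening ports) and
"configs" (path -> SHA-256 of the file's contents). The two snapshots below are
constructed sample data for a single host, not real collector output.
"""
import hashlib


def config_hash(content: str) -> str:
    """Hash a config file's contents; snapshots store the hash, not the file."""
    return hashlib.sha256(content.encode("utf-8")).hexdigest()


# Constructed: last week's approved baseline for the host.
LAST_WEEK = {
    "packages": {"openssh-server": "7.2p2", "nginx": "1.10.0"},
    "services": {"sshd", "nginx"},
    "ports": {22, 443},
    "configs": {
        "/etc/ssh/sshd_config": config_hash(
            "PermitRootLogin no\nPasswordAuthentication no\n"
        ),
    },
}

# Constructed: today's snapshot of the same host. A package was added, nginx was
# upgraded, a new service is listening on a new port and sshd_config changed.
TODAY = {
    "packages": {"openssh-server": "7.2p2", "nginx": "1.10.1", "xinetd": "2.3.15"},
    "services": {"sshd", "nginx", "swiftmon"},
    "ports": {22, 443, 4444},
    "configs": {
        "/etc/ssh/sshd_config": config_hash(
            "PermitRootLogin yes\nPasswordAuthentication no\n"
        ),
    },
}


def _diff_mapping(kind, old, new, findings):
    """Report keys added, removed, or whose value (version or hash) changed."""
    for name in sorted(set(new) - set(old)):
        findings.append(f"{kind} added: {name}")
    for name in sorted(set(old) - set(new)):
        findings.append(f"{kind} removed: {name}")
    for name in sorted(set(old) & set(new)):
        if old[name] != new[name]:
            findings.append(f"{kind} changed: {name}")


def _diff_set(kind, old, new, findings):
    """Report members added to or removed from a set (services, ports)."""
    for item in sorted(set(new) - set(old)):
        findings.append(f"{kind} added: {item}")
    for item in sorted(set(old) - set(new)):
        findings.append(f"{kind} removed: {item}")


def compare_snapshots(old, new):
    """Return a list of human-readable drift findings; an empty list means no drift."""
    findings = []
    _diff_mapping("package", old["packages"], new["packages"], findings)
    _diff_set("service", old["services"], new["services"], findings)
    _diff_set("port", old["ports"], new["ports"], findings)
    _diff_mapping("config", old["configs"], new["configs"], findings)
    return findings


if __name__ == "__main__":
    for finding in compare_snapshots(LAST_WEEK, TODAY):
        print(finding)
```

Run against the sample data it reports a new package, an upgraded package, a new service, a new listening port and a changed sshd_config. Any one of those on a host that sits on the path to a payment system should open a ticket; the value of the weekly comparison is that the question "are there differences?" gets a concrete, reviewable answer rather than a guess.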

Regular Human Reviews of critical tasks, such as change management or the transfer of millions of dollars to unfamiliar destinations. Technology cannot be relied on for all of your security needs; people can be a very effective control.
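A human review only works if the system reliably puts the right orders in front of a person. The gate below, an added example and not AlgoSec's code or any bank's actual process, shows one way to do that for outbound payments: an order is held for review when its amount crosses a threshold, when the beneficiary account has never been paid before, or when the name typed into the order does not match the name registered for that account; and when a whole batch exceeds a release limit, nothing goes out on one operator's say-so. The beneficiary registry, thresholds and batch are constructed sample data, and the field names are assumptions.

```python
"""Four-eyes gate for outbound payments (added example, not AlgoSec's code).

Assumes a transfer carries a reference, an amount in USD, a beneficiary account
and the beneficiary name typed into the order. The beneficiary registry, the
thresholds and the batch below are constructed sample data, not a bank's.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    reference: str
    amount_usd: int
    beneficiary_account: str
    beneficiary_name: str


# Constructed: accounts this bank has paid before, keyed by account, with the
# beneficiary name exactly as it was registered at onboarding.
KNOWN_BENEFICIARIES = {
    "LK-0001": "Colombo Port Authority",
    "LK-0002": "Shalika Foundation",
}

SINGLE_REVIEW_USD = 1_000_000     # any one order at or above this is held
BATCH_RELEASE_USD = 10_000_000    # a batch above this needs a second approver


def _normalise(name: str) -> str:
    """Case- and whitespace-insensitive form of a beneficiary name."""
    return " ".join(name.casefold().split())


def review_reasons(transfer, known=KNOWN_BENEFICIARIES, threshold=SINGLE_REVIEW_USD):
    """Reasons a human must look at this order before release; empty means none."""
    reasons = []
    if transfer.amount_usd >= threshold:
        reasons.append(f"amount {transfer.amount_usd:,} USD at or above review threshold")
    registered = known.get(transfer.beneficiary_account)
    if registered is None:
        reasons.append("first payment to this beneficiary account")
    elif _normalise(registered) != _normalise(transfer.beneficiary_name):
        reasons.append(
            f"beneficiary name {transfer.beneficiary_name!r} "
            f"does not match registered {registered!r}"
        )
    return reasons


def gate_batch(batch, known=KNOWN_BENEFICIARIES,
               threshold=SINGLE_REVIEW_USD, batch_limit=BATCH_RELEASE_USD):
    """Split a batch into orders that may auto-release and orders that are held.

    Returns (released, held): a list of references and a dict of reference ->
    reasons. If the batch total exceeds batch_limit, nothing auto-releases:
    a single operator should not be able to push out a day's worth of money.
    """
    released, held = [], {}
    for t in batch:
        reasons = review_reasons(t, known, threshold)
        if reasons:
            held[t.reference] = reasons
        else:
            released.append(t.reference)
    total = sum(t.amount_usd for t in batch)
    if total > batch_limit:
        for ref in released:
            held[ref] = []
        released = []
        for reasons in held.values():
            reasons.append(f"batch total {total:,} USD exceeds release limit")
    return released, held


# Constructed batch: one routine payment, one large order whose typed name does
# not match the registered beneficiary, one large order to an unknown account.
SAMPLE_BATCH = [
    Transfer("TX1", 250_000, "LK-0001", "Colombo Port Authority"),
    Transfer("TX2", 20_000_000, "LK-0002", "Shalika Fandation"),
    Transfer("TX3", 30_000_000, "XX-9999", "Acme Trading Ltd"),
]

if __name__ == "__main__":
    released, held = gate_batch(SAMPLE_BATCH)
    print("auto-released:", released)
    for ref, reasons in held.items():
        print(ref, "held:", "; ".join(reasons))
```

The point of the batch rule is that a reviewer sees the whole picture, not one order at a time: three orders that each look plausible can still add up to an amount nobody in the bank would knowingly release in one go.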

Review/Update Operational Processes to keep up with the technology you have today and the technology you plan to have tomorrow. Streamlining old processes and looking for the security gaps in them will at least keep you competitive against an attack such as this one.

Always Look to Improve the people, processes and technologies that allow your business to function as a business. A single security technology such as anti-virus is no longer enough to keep attackers out; they eat anti-virus up like M&M's.

At the end of the day, this attack was well coordinated and well executed. Crafting custom malware for the target and then pushing fraudulent transactions through its own SWIFT access, with some success, shows this wasn't a typical hacker. Beneath the details one may well find a nation-state hacking group as the source.
