
Secplicity - Security Simplified

Powered by WatchGuard Technologies

How Not to Protect a National Bank

April 22, 2016 By Marc Laliberte

In early March, attackers stole roughly $80 million from Bangladesh Bank's account at the Federal Reserve Bank of New York. Early investigation found that the attackers used stolen credentials for the Society for Worldwide Interbank Financial Telecommunication (SWIFT) payment processing network to attempt nearly $1 billion in fraudulent transfers before the compromise was discovered. SWIFT is a messaging network that banks primarily use to send payment orders to one another. The bank-side SWIFT equipment is deployed on-premises at each financial institution and connected back to SWIFT's central data centers over IP network infrastructure, so the security of that equipment depends heavily on the network the bank puts around it.

This month, investigators discussed some of the security failures that made this attack possible. As it turns out, Bangladesh's central bank used cheap unmanaged switches on its internal network and, worse yet, had no firewall at all. The SWIFT equipment sat in a physically separate room, but logically it was on the same flat network as everything else: the only thing between it and the rest of the building was a $10 second-hand switch.

While we still don't know all the details behind this attack, we can begin to see why the criminals succeeded. Without network segmentation, an attacker who compromises any one host can move laterally to every other host unhindered, and with no firewall in the path there is nothing to log or block the attempt. If the attackers compromised a single workstation, perhaps through a phishing email or an infected USB drive, they could pivot directly to the SWIFT systems sitting on the same network.

It is not clear whether the bank's complete lack of network security was an attempt to save money or just plain incompetence. Regardless, you can use this incident as an opportunity to refresh some network security basics. Administrators should always deploy critical systems on a separate network from general workstations, whether by VLANs or by separate physical cabling. Segment those networks with a firewall that denies inter-network traffic by default, permits only the specific hosts and services with a business need to cross, and logs what it drops; better still, use a UTM appliance that also inspects the traffic you do allow between the segments. Not only could a proper firewall implementation have protected Bangladesh's central bank from losing $80 million, it could also have provided important visibility into the attack to help identify the criminals and prevent them from attacking again elsewhere. — Marc Laliberte
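To make the segmentation point concrete, here is an added example (written for this edit, not code from the article or from WatchGuard) that models the "SWIFT room" as its own zone behind a default-deny, logging firewall and runs a handful of constructed flow records through it. The zone addresses, rules, hosts and ports are all assumptions for illustration; the flat-network variant at the end shows why the same intruder traffic produces no alerts at all when everything shares one switch.

```python
"""Zone-based segmentation policy, evaluated over constructed flow records.

Models the 'SWIFT room' as its own zone behind a default-deny firewall that
logs what it drops, then contrasts it with a flat network like the one the
article describes. All addresses, ports and flows below are constructed for
illustration; they are not from the Bangladesh Bank investigation.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Segmented design (hypothetical addressing): three VLANs, one subnet each.
SEGMENTED_ZONES = {
    "workstations": ip_network("10.10.0.0/16"),
    "mgmt": ip_network("10.20.0.0/24"),
    "swift": ip_network("10.99.0.0/24"),
}
# A flat network: one zone, so no flow ever crosses a firewall.
FLAT_ZONES = {"lan": ip_network("10.0.0.0/8")}


def zone_of(ip, zones):
    """Map an address to its zone name, or 'untrusted' if it matches none."""
    addr = ip_address(ip)
    for name, net in zones.items():
        if addr in net:
            return name
    return "untrusted"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dport: int
    src_hosts: frozenset = frozenset()  # empty means any host in src_zone


# Allow-list between zones; anything not matched is denied and logged.
# Ports and host addresses are assumptions for the example.
RULES = (
    # Only two designated operator PCs may reach the SWIFT front end over TLS.
    Rule("workstations", "swift", "tcp", 443,
         frozenset({"10.10.5.21", "10.10.5.22"})),
    # A single management jump host may SSH into the SWIFT zone.
    Rule("mgmt", "swift", "tcp", 22, frozenset({"10.20.0.10"})),
)


def evaluate(flow, zones=SEGMENTED_ZONES, rules=RULES):
    """Return 'allow' or 'deny' for one flow dict (src, dst, proto, dport).

    Traffic that stays inside a zone never reaches the inter-zone firewall,
    so it is always 'allow' here; that is exactly why a flat network gives
    an intruder free lateral movement and leaves no firewall log behind.
    """
    src_zone = zone_of(flow["src"], zones)
    dst_zone = zone_of(flow["dst"], zones)
    if src_zone == dst_zone:
        return "allow"
    for rule in rules:
        if ((rule.src_zone, rule.dst_zone, rule.proto, rule.dport)
                == (src_zone, dst_zone, flow["proto"], flow["dport"])
                and (not rule.src_hosts or flow["src"] in rule.src_hosts)):
            return "allow"
    return "deny"  # default deny


def lateral_movement_alerts(flows, zones=SEGMENTED_ZONES, rules=RULES,
                            threshold=3):
    """Summarise denied attempts into the 'swift' zone per source host.

    A workstation probing several SWIFT ports is the pattern a compromised
    host produces when it pivots; with the policy above those probes are
    dropped and, because they are logged, visible to the defender.
    """
    denied = Counter()
    ports = defaultdict(set)
    for flow in flows:
        if (zone_of(flow["dst"], zones) == "swift"
                and evaluate(flow, zones, rules) == "deny"):
            denied[flow["src"]] += 1
            ports[flow["src"]].add(flow["dport"])
    return {src: {"denied": n, "ports": sorted(ports[src])}
            for src, n in denied.items() if n >= threshold}


def _flow(src, dst, proto, dport):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}


# Constructed flows: a legitimate operator session, a jump-host login, and a
# compromised workstation (10.10.7.44) pivoting toward the SWIFT hosts.
SAMPLE_FLOWS = [
    _flow("10.10.5.21", "10.99.0.5", "tcp", 443),   # operator -> SWIFT, allowed
    _flow("10.20.0.10", "10.99.0.5", "tcp", 22),    # jump host -> SWIFT, allowed
    _flow("10.10.7.44", "10.10.7.45", "tcp", 445),  # peer to peer, same zone
    _flow("10.10.7.44", "10.99.0.5", "tcp", 445),   # SMB into SWIFT zone
    _flow("10.10.7.44", "10.99.0.5", "tcp", 3389),  # RDP into SWIFT zone
    _flow("10.10.7.44", "10.99.0.6", "tcp", 445),   # SMB to a second SWIFT host
    _flow("10.10.7.44", "10.99.0.5", "tcp", 443),   # right port, wrong source
    _flow("10.10.5.21", "10.99.0.5", "tcp", 22),    # operator PC, wrong port
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"{evaluate(f):5} {f['src']} -> {f['dst']}:{f['dport']}/{f['proto']}")
    print("segmented:", lateral_movement_alerts(SAMPLE_FLOWS))
    print("flat:     ", lateral_movement_alerts(SAMPLE_FLOWS, zones=FLAT_ZONES))
```

With the segmented zones, the pivoting workstation's four probes are denied and surface as a single alert listing the ports it tried; the operator PC's one stray SSH attempt is denied but stays under the alert threshold. With the flat zone table, every one of the same flows is intra-zone, so nothing is denied and nothing is logged, which is the situation the article describes.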


Filed Under: Editorial Articles

Comments

  1. Deejerydoo says

    September 2, 2018 at 9:24 pm

    I don’t think the bank are the only people at fault here. SWIFT should be less concerned about ubiquity and more concerned about ensuring a minimum level of security is applied to their equipment, by themselves. If you can’t ensure the organisation where your equipment is being installed is adequately secured, you have to ensure your own systems are secured independently.

The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.