Fed directs banks to check for cyberattacks, shore up security after SWIFT hacks
Regulators told banks to be on the alert for clues that they'd been attacked by the same group that pulled off an $81 million cyberheist from a Bangladeshi bank's account.
The Federal Reserve Bank issued a notice Tuesday telling banks to assess their cybersecurity postures and search for clues that they'd been victims of cyberattacks by the same group that pulled off an $81 million cyber heist from the Bangladesh Central Bank account at the Fed.
The Fed's alert, which Fortune said was reportedly seen by Reuters, was not the only warning issued by regulators this week regarding a series of hacks leveraging the Society for Worldwide Interbank Financial Telecommunication (SWIFT) financial messaging service platform to carry out attacks against financial institutions.
The Federal Financial Institutions Examination Council issued a statement that urged financial institutions to “review their risk management practices and controls over information technology and wholesale payment systems networks, including authentication, authorization, fraud detection, and response management systems and processes.”
SWIFT CEO Gottfried Leibbrandt in May announced details to reinforce the security of the messaging services.
Later in the month Symantec researchers linked a cyber attack on a Philippines bank to the group the Bangladeshi bank heist and to the 2014 Sony hack.
Symantec identified three pieces of malware that were used in limited targeted attacks against the financial industry in South-East Asia and include Backdoor.Fimlis, Backdoor.Fimlis.B, and Backdoor.Contopee, according to a May 26 blog post.
Researchers said the Backdoor.Contopee malware was linked to the Lazarus cybergang who used a different malware in attacks against Sony Pictures Entertainment in 2014.
The Fed's circular on electronic access, set to take effect June 30, and which “sets forth the terms under which an Institution may access certain services and applications provided by a Reserve Bank, and under which an Institution or its Service Provider may send certain data to or receive certain data from a Reserve Bank, by means of electronic connection(s).”