Threat Management, Malware

Wiper attack at Chilean bank provided cover for $10M SWIFT heist

The real target of a wiper malware attack on Banco de Chile were transactions on the SWIFT network that resulted in a $10 million heist.

The company said in a statement that no customer accounts had been compromised in the attack, which destroyed 9,000 workstations and 500 servers.

Attackers executed four fake fraudulent transactions in May and spirited the money away to a bank account in Hong Kong, Pulso cited Banco de Chile General Manager Eduardo Ebensperger as saying.

Noting that the bank “found some strange transactions in the SWIFT system (where banks internationally remit their transactions to different countries),” Ebensperger said, “there we realized that the virus was not necessarily the underlying issue, but apparently [the attackers] wanted to defraud the bank.”

Flashpoint analysts “reverse-engineered the identified malware linked to the May 24 attack against the country's largest financial institution, and said the malware is a modified version of an MBR Killer module known as kill_os. MBR Killer infections render the local operating system and the Master Boot Record unreadable,” the security firm said in a blog post.

“Third-party providers of payment and transfer systems have become one of the most effective attack vectors for hackers trying to siphon money from banks,” said Fred Kneip, CEO at CyberGRX. “We've seen the SWIFT Network under attack for years now, and just last month hackers targeted the Mexican central bank SPEI interbank transfer system.”

Explaining that while tens of thousands of third parties exist in the digital ecosystems of large international banks, “hackers have figured out that it only takes one weak link to make millions of dollars,” Kneip said. “Understanding the level of risk exposure introduced by all third parties is important, but that becomes even more critical for a tier-one partner like a transfer system provider.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.