Hackers Steal $10 Million from Ukrainian Bank

Another day, another SWIFT attack. An independent IT monitoring organization has revealed that an unnamed Ukrainian bank was targeted in a $10 million theft by hackers using a SWIFT loophole.

The ISACA (Information Systems Audit and Control Association) in Kyiv, Ukraine, has reported a theft via the SWIFT international interbanking system.

The ISACA was hired by the Ukrainian bank to investigate the theft and refrained from naming the banking institution while it conducted the investigation.

In a press release, the ISACA stated:

“At the current moment, dozens of banks (mostly in Ukraine and Russia) have been compromised, from which hundreds of millions of dollars have been stolen.”

The authority speculates that the hackers used freely available public information and tools to commit the theft. Such hacks routinely take months to complete after the attackers break into the financial institution’s internal networks. After studying the bank’s internal processes and controls, the hackers use that knowledge to siphon millions of dollars by placing fraudulent money orders to various offshore companies.

The ISACA also stated that the same hacking routine was being used to target other banks in the Ukrainian financial system.

“Banks now are not sharing such information at all and are afraid of publicity,” said Aleksey Yankovsky, head of ISACA’s Kyiv division.

Previously, the banking sector in Ukraine has come under scrutiny for failing to enforce the stringent security standards that are frequently used in the West, beyond the problem of alleged bad practices in the way the banks are run.

For its part, SWIFT has been at the center of a mounting storm of criticism in recent months after the comprehensive and now infamous $100 million cybertheft of the Bangladesh Central Bank account at the New York Federal Reserve. Criminal investigations are underway in Bangladesh, the United States and the Philippines, where the stolen money is speculated to have ended up in the immediate aftermath of the theft.