The Bangladesh Bank heist has resurfaced as reports about a potential perpetrator make headlines. The recent focus may be on who and why, but the lessons lie in what happened: it is important to recognize the common attack patterns involved and to understand the role privileged accounts played at every stage.
As a recap: last year, cyber criminals embezzled money from the Bangladesh Central Bank. Using stolen privileged credentials, they moved laterally through the environment until they reached SWIFT, a financial services co-op that provides a secure network through which banks send and receive monetary transactions. Using those privileged credentials, the criminals ultimately ordered a total of 35 transactions worth $951 million through the SWIFTNet systems. Approximately $81 million was transferred before a spelling error raised suspicion and led to the discovery of the breach. (Watch a short video for a brief overview of the attack path.) This was a high-profile attack, but Bangladesh Bank was not the only bank targeted, as noted in a Reuters article.
Lessons learned from the breach and how you can protect your organization:
- SWIFT Vulnerabilities: Many industry experts have pointed out vulnerabilities in SWIFT, noting that the system has likely not seen its last “bank robbery.” In this CSO article, Lavi Lazarovitz, CyberArk Labs cyber research team leader, explains that attackers are “getting really good at gaining that all important initial foothold inside networks by using attacks such as spear phishing.” With that foothold, they can gain local administrator privileges by, for example, exploiting an Acrobat Reader vulnerability: when a user simply opens a malicious PDF file, the file runs malicious code that in turn acquires those elevated privileges. From a local administrator account, the stolen privileged credentials described above are within reach.
- Best Practices to Shore up Privileged Account Security: The Bangladesh Bank attack is yet another example of how attackers covet, seek out and exploit privileged accounts to achieve their mission. While this attack had a serious outcome and required advanced planning, the attack methods used were not very sophisticated. In a post-mortem analysis of the attack, CyberArk security researcher Asaf Hecht outlines five best practices that would have likely mitigated the breach.
- How Banks Mitigate Risk: The threat is real and present. Many major banks recognize this and have taken steps to prioritize privilege in the wake of this breach. This American Banker article describes how a $26.9 billion-asset bank uses CyberArk to lock down privileged accounts and to monitor and analyze privileged account activity.
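The attack path in the recap above (stolen privileged credentials used to hop from host to host until a SWIFT-connected system is reached) and the monitoring practice in the last bullet both come down to watching what privileged accounts actually do. The following is an added illustration, not code from CyberArk or from the original post, of two simple detections a defender can run over logon events: a privileged account reaching an unusual number of distinct hosts in a short window, and any access to a sensitive host from a source that is not an approved jump host. The log lines, account names, host names, allowlists and thresholds are all constructed assumptions for the example.

```python
"""Added example: two detections for privileged-account lateral movement over logon events."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logon events (not from any real bank or incident).
# Format: "timestamp user source_host destination_host result"
SAMPLE_EVENTS = """\
2016-02-04T22:01:10 svc_backup ws-17 fileserver-01 success
2016-02-04T22:03:42 svc_backup ws-17 db-02 success
2016-02-04T22:05:05 svc_backup ws-17 app-03 success
2016-02-04T22:06:30 svc_backup ws-17 swift-gw-01 success
2016-02-04T22:07:12 jdoe ws-22 fileserver-01 success
2016-02-04T09:00:00 swift_op ops-01 swift-gw-01 success
"""

PRIVILEGED_ACCOUNTS = {"svc_backup", "swift_op"}   # assumption: inventory of privileged accounts
SENSITIVE_HOSTS = {"swift-gw-01"}                   # assumption: hosts that bridge to the SWIFT network
APPROVED_SOURCES = {"swift-gw-01": {"ops-01"}}      # assumption: jump hosts allowed to reach them
WINDOW = timedelta(minutes=10)                      # assumption: tuning values for this environment
HOST_THRESHOLD = 3


def parse_events(text):
    """Parse the whitespace-separated event lines and return them sorted by timestamp."""
    events = []
    for line in text.strip().splitlines():
        ts, user, src, dst, result = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "src": src, "dst": dst, "result": result})
    return sorted(events, key=lambda e: e["ts"])


def detect_lateral_movement(events, window=WINDOW, threshold=HOST_THRESHOLD):
    """Flag a privileged account that logs on to >= threshold distinct hosts within one window.

    Returns a list of (user, window_start, sorted_hosts) tuples, at most one per account.
    """
    alerts = []
    by_user = defaultdict(list)
    for e in events:
        if e["user"] in PRIVILEGED_ACCOUNTS and e["result"] == "success":
            by_user[e["user"]].append(e)           # events are already time-ordered
    for user, evs in by_user.items():
        for i, start in enumerate(evs):
            hosts = {x["dst"] for x in evs[i:] if x["ts"] - start["ts"] <= window}
            if len(hosts) >= threshold:
                alerts.append((user, start["ts"], sorted(hosts)))
                break                              # one alert per account is enough
    return alerts


def detect_unapproved_sensitive_access(events):
    """Flag any logon to a sensitive host whose source is not an approved jump host."""
    alerts = []
    for e in events:
        if e["dst"] in SENSITIVE_HOSTS and e["src"] not in APPROVED_SOURCES.get(e["dst"], set()):
            alerts.append((e["user"], e["src"], e["dst"], e["ts"]))
    return alerts


def run_detection(text):
    """Run both detections over raw event text and return the findings keyed by rule name."""
    events = parse_events(text)
    return {
        "lateral_movement": detect_lateral_movement(events),
        "unapproved_sensitive_access": detect_unapproved_sensitive_access(events),
    }


if __name__ == "__main__":
    for rule, findings in run_detection(SAMPLE_EVENTS).items():
        for finding in findings:
            print(rule, finding)
```

On the constructed data the first rule fires once, for svc_backup touching four hosts in about five minutes from a workstation, and the second fires once, for the same account reaching the SWIFT gateway from a host that is not the approved jump host; the legitimate swift_op logon from ops-01 and the ordinary user jdoe raise nothing. In practice the two rules complement each other: the allowlist rule catches a single out-of-policy hop, while the host-count rule catches the broader sweep even when the sensitive host is not yet on the inventory.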
Want to learn more? Attend a webcast on March 28, 2017 at 2 pm ET. CyberArk Labs will address the cyber security lessons learned related to the heist. Register here.