Hackers target payment transfer system at Chile’s biggest bank, grab ‘$10m’
Banco de Chile has become the latest victim in a string of cyber attacks targeting the payment transfer systems of banks.
The country’s largest bank was hit on 24 May and thousands of workstations hobbled. The ransomware attack was well documented locally and the bank has apologised for disruptions, which ran into days.
At the weekend, Banco de Chile’s CEO, Eduardo Ebensperger Orrego, reportedly told Chilean business paper El Pulso (in Spanish) that the attackers had stolen “$10m” from the bank and that his organisation had disabled 9,000 workstations to stop the virus’s spread before spotting “unusual transactions” on the bank’s local SWIFT network. He reportedly told El Pulso that no customers had been affected and said the bank has filed a criminal complaint in Hong Kong, where the funds were allegedly transferred in “four transactions”.
Security blog BadCyber has a good sitrep on the situation together with images of ransomware-infected bank computers in a blog post here.
Hackers reportedly used a variant of the complex KillDisk wiper malware to distract attention before targeting systems linked to the Society for Worldwide Interbank Financial Telecommunication’s (SWIFT) inter-bank transfer network.
The Register has contacted both the bank and SWIFT for comment.
The assault followed the same pattern as a recent unsuccessful attack that trashed computers at a Mexican bank but didn’t result in any financial losses.
Both assaults followed the modus operandi and used tools linked to the infamous Lazarus Group (AKA Hidden Cobra), a hacking crew blamed for the $81m cyberheist on funds held by the Central Bank of Bangladesh, the 2014 attack on Sony Pictures and much more besides.
Western intel agencies and private cybersecurity firms are near unanimous in pointing the finger of blame towards North Korea. Moscow-based Group-IB went even further in alleging that the Lazarus Group was controlled by Bureau 121, a division of the Reconnaissance General Bureau, a North Korean intelligence agency.
The suggestion is that Lazarus Group was active at least as late as a fortnight ago, despite a rapprochement in relations between North Korea and the West that has led to peace talks in Singapore this week.
Meanwhile, Trend Micro reckoned that the wiper variant involved in the May attack in Chile was connected to the foiled heist in Mexico in January.
Ofer Israeli, chief exec of Illusive Networks and former officer in Israel’s military intelligence unit 8200, said he believed the Lazarus Group was both behind the latest cyber-attack in Chile and likely to strike other banks.
“Targeting financial organisations is part of their long term strategy and compromising global financial networks via small to medium-sized banks in Central and South America whose cyber defences may be less sophisticated poses a higher probability of success,” Israeli said.
“The next Bangladesh heist is imminent unless the entire financial ecosystem does its utmost to minimise the attack surface and proactively detect attacks on the entry points,” he warned. ®
via The Register – Security https://ift.tt/2jCNZ5O
June 11, 2018 at 10:57AM