More than £4 million stolen from Russian central bank via SWIFT system

News by Teri Robinson

Hackers stole £4.3 million from the Russian central bank last year via the SWIFT messaging system, according to report from the bank.

Hackers stole £4.3 million from the Russian central bank last year via the SWIFT messaging system, according to report from the bank.

"The volume of unsanctioned operations as a result of [a single successful attack] amounted to 339.5 million roubles (£4.3 million)," the bank said. Hackers gained control of one of the bank's computers and used the SWIFT system to transfer money, according to a report from Reuters.

Cautioning that “the stability of our financial institutions is threatened by these types of attacks,” Nick Bilogorskiy, cyber-security strategist at Juniper Networks, said “they should serve as a call to action for international law enforcement cooperation on defending our global financial systems.”

Bilogorskiy sad that cyber-gangs typically use two methods for robbing bank – ATM jackpotting and SWIFT wire transfers. “Our banks and financial institutions are all interconnected today, which creates major risks and international groups of criminals in various countries are monetising these risks,” he said.  

After hackers stole £58 million from the Bangladesh Central Bank via SWIFT in 2016, SWIFT followed up with a 16-page warning report to banks last autumn, “on the growing sophistication of digital attackers,” said Bilogorskiy. “They listed new creative techniques used by attackers - gaining Administrator rights for operating systems; manipulating software in memory; tampering with legitimate functionality to bypass two-factor authentication; [and] deploying highly covert malware.

SWIFT also countered with “a cyber-threat intelligence sharing service: SWIFT ISAC portal, where malware file hashes and YARA rules and attack Indicators of Compromise could be downloaded by SWIFT customers,” and stressed “the importance for each bank to practice ‘defence in depth' through the combination of multiple layered cyber-defence components, barriers and counter-measures,” he said.

The SWIFT Customer Security Controls Framework went into effect 1 January, 2018 requiring all 11,000 SWIFT member banks in more than 200 countries to comply with 16 mandatory controls - including multifactor authentication, and continuous monitoring  - or face regulatory and economic consequences.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events