The Swift interbank messaging system has just warned of a second member attack victim, following last month's $81 Bil loss by the Bangladesh Central Bank, in what it calls a "wider and highly adaptive campaign targeting banks."
Andrew Komarov, Chief Intelligence Officer, InfoArmor, says: "Such types of transactions almost certainly couldn't be organized without the help of either insiders or traders very familiar with operational controls in the affected institutions. The speed and smoothness of the whole process shows that such a scheme was well prepared and the bad actors probably used very trusted contacts to organize it, and not typical 'money mule services' from the underground. We continue to be faced with these cases where the role of an insider can be very meaningful in large fraudulent schemes, and parts of the Asian region are especially highly susceptible because of the relatively poor due diligence of many employees."
Craig Kensek, security expert, Lastline, adds: "This almost sounds as if someone who has worked in the financial industry has gone to the dark side. We may need to go to 'n' levels of controls, with 'n' being greater than two. One would think that a DLP solution would flag transfers greater than a certain amount that were being made to certain countries or to IP addresses, especially if the receiver never or relatively rarely had funds of that size transferred before. Perhaps a $20M transfer to an individual account wasn't a large enough anomaly (or wasn't an anomaly at all). The fact that the transfer was being made to a questionable locale could have resulted in a red flag being raised.
"Swift needs to reexamine their processes and use outside experts to try and crack their system. They (if they haven't already) need to create a list of trusted IP addresses that larger funds can go to without 'eyes on' approvals."
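The controls Kensek describes (an amount threshold, a list of questionable destinations, a check against the recipient's prior inbound history, a trusted list that skips eyes-on review, and "n" approval levels that grow with the number of red flags) can be expressed as a small rule engine. The block below is an added illustration written for this page; it is not code from Swift, Lastline, InfoArmor or the affected banks. The thresholds, country code "ZZ", account and IP values, and the transaction history are all constructed placeholders.

```python
from dataclasses import dataclass
from typing import Dict, List

# All identifiers, thresholds and history below are constructed for illustration.


@dataclass(frozen=True)
class Transfer:
    tx_id: str
    amount_usd: float
    dest_country: str   # constructed two-letter code
    dest_account: str
    source_ip: str      # address the payment instruction originated from


@dataclass(frozen=True)
class Policy:
    large_amount_usd: float = 10_000_000.0
    high_risk_countries: frozenset = frozenset({"ZZ"})            # placeholder list
    trusted_accounts: frozenset = frozenset({"ACCT-TRUSTED-1"})    # placeholder list
    trusted_source_ips: frozenset = frozenset({"10.0.0.5"})        # placeholder list
    history_multiplier: float = 5.0   # "never or rarely had funds of that size before"


def anomaly_reasons(tx: Transfer, history: Dict[str, List[float]], policy: Policy) -> List[str]:
    """Return one human-readable red flag per rule the transfer trips."""
    reasons: List[str] = []
    if tx.amount_usd >= policy.large_amount_usd:
        reasons.append("amount at or above large-transfer threshold")
    if tx.dest_country in policy.high_risk_countries:
        reasons.append("destination country on high-risk list")
    if tx.source_ip not in policy.trusted_source_ips:
        reasons.append("originating IP not on trusted list")
    past = history.get(tx.dest_account, [])
    if not past:
        reasons.append("recipient has no prior inbound history")
    elif tx.amount_usd > policy.history_multiplier * max(past):
        reasons.append("amount far exceeds recipient's largest prior inbound transfer")
    return reasons


def approvals_required(tx: Transfer, history: Dict[str, List[float]], policy: Policy) -> int:
    """Number of independent eyes-on approvals before release.

    A trusted destination that is not in a high-risk locale is released without
    manual review; otherwise every red flag adds one approval level, so a
    transfer that trips several rules needs more than two approvers.
    """
    if tx.dest_account in policy.trusted_accounts and tx.dest_country not in policy.high_risk_countries:
        return 0
    return len(anomaly_reasons(tx, history, policy))


def review_batch(batch: List[Transfer], history: Dict[str, List[float]], policy: Policy) -> Dict[str, int]:
    """Map each transaction id to the approval levels it needs; 0 means straight-through."""
    return {tx.tx_id: approvals_required(tx, history, policy) for tx in batch}


# Constructed inbound history per recipient account (USD).
HISTORY: Dict[str, List[float]] = {
    "ACCT-TRUSTED-1": [12_000_000.0, 25_000_000.0],
    "ACCT-REGULAR-7": [3_000.0, 8_000.0],
}

SAMPLE_BATCH = [
    Transfer("tx-1", 20_000_000.0, "ZZ", "ACCT-NEW-42", "203.0.113.9"),   # untrusted everything
    Transfer("tx-2", 5_000.0, "US", "ACCT-REGULAR-7", "10.0.0.5"),        # routine payment
    Transfer("tx-3", 20_000_000.0, "US", "ACCT-TRUSTED-1", "10.0.0.5"),   # large but trusted
]

if __name__ == "__main__":
    for tx_id, levels in review_batch(SAMPLE_BATCH, HISTORY, Policy()).items():
        print(f"{tx_id}: {levels} approval level(s)")
```

In this model the $20M transfer to a fresh account in a questionable locale from an unknown source address accumulates four flags and therefore four approvers, while the same amount to a trusted, well-known recipient passes straight through, which is exactly the distinction the trusted-list suggestion is meant to draw.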