The Philippines has emerged as a new hot spot for cybercriminals. While it is considered the third most affected country in the world, Bangladesh claims the top spot, with attacks often bouncing between the two jurisdictions.
First Published 27th April 2016
The cyber-sophistication levels of some developing economies are making them attractive targets.
4 min read | Reflare Research Team
We usually hear about the US or European banks and financial institutions being targets for hackers. However, as more developing nations improve their technology and expand Internet capabilities, they too, become a target. This is precisely what happened this week when a Bangladeshi bank was compromised, and US$81 million was stolen and transferred to the Philippines. The hackers actually tried to steal over $900 million, but only some of the transfers went through the system.
The hackers started the heist weeks ago prior to being discovered, meaning they had plenty of time to analyse, uncover poor security layers and steal data. It is estimated that they were able to compromise approximately 32 computers on the bank network and uploaded malware named evtdiag.exe. The malware then installed other hacking tools such as keyloggers to steal sensitive data including user credentials from banking employees.
The Bangladeshi central bank implemented SWIFT, which is a network used by financial institutions to transmit transactions across a network. Since the hackers were able to place keyloggers on local machines, passwords and encryption were no longer a hurdle. Keyloggers log keystrokes on a computer and send the data to a third-party, in this case, hackers. The hackers also had remote access to the central bank's network hubs.
With access to machines and employee credentials, the hackers sent fraudulent transactions directly from the internal bank systems to avoid detection.
Unfortunately, this is the first of what will likely be an ongoing trend in the future. As developing countries increase their Internet coverage, they will soon be a major target for hackers. These developing countries have increased their economic and financial conditions so as to become a part of the global market. As their economy improves further, so will their financial throughput and thereby their desirability as a target for hackers.
While the internet becomes a more and more critical part of various industries in developing countries, few local experts sufficiently understand security. Roughly speaking, many high-value targets in these regions face current hackers with defences that are 10 or more years old. It is imperative that financial institutions, governments, and infrastructure providers grow their security technology along with their public Internet access. Without the right security in place, the central bank hacking situation will be commonplace in the near future.