Hackers first distracted bank security with malware, causing chaos. A common tactic of hackers, in the words of experts from the International Institute of Cyber Security, is to deploy destructive malware to distract defense systems from a separate attack aimed at their most important targets in an organization.
This “smokescreen” style of attack was recently used against Banco de Chile, the second largest bank in the country, which on May 24 lost about 10 million dollars to fraudulent SWIFT transfers. The robbery occurred while the bank was distracted by hundreds of workstations and servers that suddenly stopped working.
This incident may seem related to a series of attacks against banks in Latin America. Last month, in fact, five banks in Mexico suffered attacks against their interbank electronic payment system, known as SPEI, which is used for domestic transactions.
Researchers with information security training say they have analyzed the malware used in the distraction stage of the attack against Banco de Chile, claiming that it is MBR Killer, which was first used to attack Russian banks in 2015.
Chile has been looking to improve its security measures in the financial system.
The Superintendence of Banks and Financial Institutions of Chile, the regulatory authority, made a presentation before the Economic Commission of the Senate of Chile on June 6 about the attack on the bank. Superintendent Marco Farren told Chilean legislators that this incident represents an opportunity to improve the security standards of bank systems. Last January, the Superintendence issued a security protocol to view the financial system as a relevant infrastructure for the Chilean State.
The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is an international cooperative organization through which transactions from around 11,000 banks worldwide are carried out, which makes this cooperative network a very attractive target for hackers.
Hackers have not exploited specific vulnerabilities of SWIFT systems; instead, they have tried to exploit weak controls in banks, compromising key accounts of bank officials in order to generate fake international transfers.