Hackers attacked BB with software virus for heist

Siddique Islam | Thursday, 17 March 2016



A destructive piece of malware was purpose-built for a targeted attack on the central bank of Bangladesh: it was designed to operate the bank's SWIFT Alliance Access (SAA) servers in order to carry out the heist from its account at the Fed.
Official sources said the cyber-experts conducting the sophisticated probe have initially discovered how the malware was installed to commit the digital theft, overpowering the tenuous cyber-security systems of the Bangladesh Bank and outwitting its management.
The malware was so designed that it could bypass certain security measures specifically related to the SWIFT environment, according to sources at both the BB and the Ministry of Finance.
"Attackers are capable of penetrating normal cyber-security defences," they quoted the experts as saying in an interim report on the trans-national hi-tech bank break-in.
In the report of their preliminary findings, the experts also identified that sophisticated malware was deployed by the attacker on the SWIFT servers to process and authorise SWIFT transactions.
The experts found that the malware was complex, with advanced features: command-and-control communication, harvesting of credentials, and the ability to securely erase all traces of its activity after accomplishing its task.
Currently, an expert team comprising an experienced consultant of the World Bank (WB) and his forensic investigation squad is carrying out the investigation continuously with help from officials of the BB's IT (information technology) department.
Besides, the central bank is now hiring expertise from FireEye Ireland Limited, a subsidiary of American cyber-security firm Mandiant, to investigate the cybercrime committed on February 5.
The experts suspected the complicity of an uncategorised threat group: FIN-group threat actors seen within other customer networks in the financial industry, who appear to be financially motivated and well-organised.
This group generally installs tools such as screen-scrapers, keyloggers, passive backdoors and a proxy-aware backdoor, in order to identify application processes to exploit or to learn the business processes that would aid the attackers in achieving their objectives, they said.
The experts have seen this threat group active in the cyber-underworld since at least late 2015.
Meanwhile, a two-member expert team from SWIFT is now scanning its network at the central bank of Bangladesh to find any clue to the hacking of the BB systems, a senior central banker told the FE.
The SWIFT (Society for Worldwide Interbank Financial Telecommunication) team is also collecting information on cyber-security systems, including the back office under the Accounts and Budgeting Department of the central bank.
SWIFT provides a network that enables financial institutions worldwide to send and receive information about financial transactions in a secure, standardised and reliable environment.
Earlier on Sunday, BB Deputy Governor Abu Hena Mohd Razee Hassan told reporters that the expert team, comprising an experienced consultant of the World Bank and his forensic investigation team, was probing the heist with help from the central bank's IT experts.
"We expect that the team will complete their investigation within the next two weeks," the deputy governor noted.
Cybercriminals have digitally stolen US$101 million from Bangladesh's foreign-exchange reserves deposited with the US Federal Reserve Bank. Nearly US$20 million of it was recovered from Sri Lanka. The lion's share of the booty landed in the Philippines, and that is reported to have been squandered through gaming in casinos, among other matters of misdealing.