Banks around the world have been warned to tighten security after a second cyber attack, this time against a commercial bank in Vietnam, was uncovered by forensic investigators following February's $81m Bangladesh Bank heist.
Swift, the financial messaging network used by banks across the world to make and manage payments, claimed that an analysis of the malware used in both attacks indicates a common source.
Furthermore, the security arm of defence contractor BAE Systems has suggested that there are similarities between the malware used in these attacks and the devastating Sony Pictures Entertainment hack in 2014.
The Bangladesh Bank attack was publicised only in April. The bank has been criticised for using obsolete equipment on its network and inadequate IT security. But Swift has rejected claims by the bank that its own technicians were responsible for errors that left it wide open to attack.
Swift has now warned that the Bangladesh Bank attack was not a one-off, and that more banks have been targeted. The attackers used bespoke malware, which indicates that they have inside knowledge of Swift's technology and, perhaps, of the banks they are attacking.
In both cases so far disclosed, the attackers accessed parts of the banks' networks hooked up to the Swift system, which should have been ring-fenced with hardened security. They were able to obtain user credentials and manipulate PDF reports confirming messages in order to cover up a series of fraudulent payments.
Investigators have dubbed the attackers Group Zero, and warned that the group may still have access to the Bangladesh Bank network.
"Group Zero may be seeking to monitor the ongoing cyber investigations or cause other damage, but is unlikely to be able to order fraudulent fund transfers," according to Reuters, which broke the story.
Matthias Maier, a security 'evangelist' at network monitoring company Splunk, told V3: "It appears to have been created by someone with an intimate knowledge of how the Swift software works as well as its business processes, which is cause for concern.
"Basic system monitoring at the bank would have stopped this at the server endpoint by tracking system changes in real time, triggering alerts to analysts.
"Other banks participating in the Swift network now need to compare the indicators of compromise shared by BAE Systems with the data generated by their own environment to understand whether or not they have been affected and how to respond effectively."
Angus McFadyen, partner at law firm Pinsent Masons, said it was no surprise systems like Swift come under attack.
"The schemes and messaging systems that run on that central infrastructure can only be as secure as the weakest link – here it's the banks that communicate into and use Swift," he said.
"The banks communicating into the Swift system are the natural target for hackers given that they can be much softer targets than the centre."
The $81m Bangladesh Bank heist in February was perpetrated after the attackers gained access to its inadequately protected network and sent a series of payment request messages from the Bangladeshi central bank to the New York Federal Reserve.
The payments totalled $951m, and were curtailed only after a basic spelling error in the name of one of the beneficiaries caused one of the transactions to be questioned.