VietNamNet Bridge - A series of attacks by hackers on banks occurred recently, showing that banks’ investments in security solutions are insufficient.

In mid-May 2016, TP Bank said that it refused a request on the transaction of remitting over 1 million euros, or $1.13 million. 

The request came from a third-party service the bank used to connect to Swift. 

TP Bank, suspecting fraud, decided to check with involved parties and stopped the payment order after discovering the problem.

Prior to that, in February 2016, the Bangladeshi central bank said hackers stole $81 million through malicious software. 

Swift is a global payment service provider, whose technology is used by more than 11,000 banks to carry out money transfers and financial tasks. 

A series of attacks by hackers on banks occurred recently, showing that banks’ investments in security solutions are insufficient.

Hackers then attacked its system and sent fraudulent transfer requests to the Bangladeshi central bank in an attempt to steal $951 million. The hackers had $81 million when they were discovered.

On May 26, 2016, Symantec stated it discovered the evidence of hackers getting involved in the attacks on a bank in the Philippines in October 2015, on TP Bank and on the Bangladeshi central bank.

The security experts from Symantec said hackers attacked the banks using old versions of Swift, or installed malware on software products used by third parties that banks use to connect to Swift.

Having realized of the risk, many banks have stopped using services provided by the third parties and focused on developing security technologies.

BKAV, the Vietnamese leading network security firm, said vulnerabilities existed at 30 percent of Vietnamese commercial banks’ websites and they were prone to cyberattacks, two-thirds of which were at medium and high risk.

The most dangerous vulnerability for bank now is SQL Injection which paves the way for hackers to make direct attacks on websites’ data.

Meanwhile, XSS (Cross Site Scripting) and Open Redirection put banks at the risk of being hijacked or redirected to phishing sites.

Ngo Tuan Anh, vice president of BKAV, noted that many websites with vulnerabilities belong to newly set up or restructured banks which have not made appropriate investments in security solutions. 

According to Vo Do Thang from VNISA, the Vietnam information security association, hackers have targeted businesses for many years to seek profits. 

Many companies in the areas of electricity, water, gas, oil, food, banking and even government agencies are also the subject of advanced persistent threats (APT).


NLD