Was the Bangladesh Bank Attack State Sponsored?

Posted in Security

Was the Bangladesh attack state-sponsored?

In 2016, hackers used Dridex malware to fraudulently withdraw money on the SWIFT network. Illegal wires hit consumers when bank information becomes compromised. This story differed only in its target: the central bank of Bangladesh. While hackers tried to steal close to $1 billion, hackers only managed to get $81 million.

While hackers only stole $81 million, it is worth noting this theft could not be reversed. At best the financial system can offset a loss by theft through money creation and reimbursement. In this scenario, the stolen funds would be created, then issued to the bank in compromise. Still, consumers frustrated by thefts which can’t be reversed should note this occurs even with central bank level compromises.

A US official in the Philippines indicated the Bangladesh attack was state sponsored. One indication of this can sometimes involve the target. This may not be true relative to the entity’s security. If hackers discover information prior to an attack, the entity itself won’t matter. The malware Dridex and derivatives of it have been used in other compromises. This malware is not considered complex in design. The malware targets functionality within Microsoft Office, a popular tool in offices worldwide. Smaller targets have had similar malware attack them with this functionality.

Reuters source.