A general view of the headquarters of Malaysia’s central bank, Bank Negara Malaysia, in Kuala Lumpur |
Malaysia’s central bank said on Thursday it had foiled a cyber attack in which fraudulent messages to transfer funds were sent on the SWIFT transactions platform, the latest in a series of electronic heists at financial institutions around the world.
While Bank Negara Malaysia said no funds were lost in the incident which took place on Tuesday, it is the second known hack of a central bank after the 2016 theft of $81 million from Bangladesh Bank.
That heist, which also involved fraudulent SWIFT transfer requests, led financial institutions around the globe to bolster security. It was not known who was behind the Bank Negara hack, or how they accessed the bank’s SWIFT servers, but it is likely to prompt further calls to increase security.
Bank Negara said it had taken additional safeguards to protect its stakeholders.
“All unauthorised transactions were stopped through prompt action in strong collaboration with SWIFT, other central banks and financial institutions,” it said in a statement.
“The bank is presently conducting a comprehensive investigation in collaboration with local and international law enforcement agencies on this incident,” it added.
Malaysian police officials were not immediately available for comment.
Bank Negara, which supervises 45 commercial banks in Malaysia, did not immediately respond to requests for more details on the falsified messages and how other central banks were involved.
SWIFT, the Society for Worldwide Interbank Financial Telecommunication, did not provide any details on the cyber attack, saying it does not comment on individual entities.
“We have no indication that our network and core messaging services have been compromised,” it said in an e-mailed statement.
It was unclear whether money was paid out but intercepted at another bank. Previous thefts have involved stolen money being transferred to a number of banks before arriving at its final end destination.
The U.S. Federal Bureau of Investigation, which is conducting a probe into the Bangladesh Bank heist, was not immediately available for comment on the Bank Negara incident.
STILL VULNERABLE
Abu Hena Mohd. Razee Hassan, deputy governor of Bangladesh Bank, said the latest attack showed that the SWIFT platform remained vulnerable.
“After the attack on our central bank, SWIFT took several measures to protect the system globally but yet this is happening, meaning criminals have more ability and more capable weapons,” Razee Hassan told Reuters in Dhaka. “So this is the time to further improve the financial transfer system globally.”
In February, the Russian central bank said unknown hackers stole 339.5 million roubles ($6 million) from a Russian bank last year in an attack using the SWIFT system.
SWIFT operates an interbank messaging system which is used to carry instructions for money transfers between banks.
SWIFT has said in the past its central network has never been hacked but terminals within banks that are used to access the network have been compromised on at least several occasions in the past couple of years, including in the Bangladesh Bank heist.
Brussels-based SWIFT said late last year digital heists were becoming increasingly prominent as hackers use more sophisticated tools and techniques to launch new attacks.
SWIFT has declined to disclose the number of attacks or identify any victims, but details on some cases have become public, including attacks on Taiwan’s Far Eastern International Bank and Nepal’s NIC Asia Bank.
The Malaysian central bank said there was no disruption to other payment and settlement systems the central bank operates because of the cyber attack.
The bank said it was conducting an investigation in collaboration with local and international law enforcement agencies.