Important Cyber Security Lesson from an $81 Million Cyber Crime - By Cybersecurity Expert Joseph Steinberg

Cybersecurity Lessons from an $81 Million Cyber Crime
Author

Joseph Steinberg

Last updated September 4, 2017


  • 1171 Views


Cybercriminals recently attempted to make fraudulent transfers of money totaling nearly a billion dollars out of the Bangladesh Central Bank's account at the Federal Reserve Bank of New York. While most of the payments were detected as problematic and, therefore, blocked, approximately $81 million was successfully stolen – transferred to accounts in the Philippines from which it was funneled through local casinos.

A report from BAE Systems indicates that the crooks likely hacked not only into the bank but also into the international money transfer platform owned together by 3,000 financial institutions called SWIFT. SWIFT confirmed this week that it was aware of an ongoing malware attack targeting its infrastructure via its client software, and issued a special warning for financial institutions to be especially vigilant.

What is fascinating, however, is not just how significant the Bangladesh theft is becoming on a global scale, but how poor the bank’s information security apparently was at the time of the breach. According to an investigator at the bank, the bank was especially vulnerable because it did both not have firewalls and used second-hand, inexpensive switches to connect computers to the SWIFT global payment network.

​You read that correctly: No firewalls. $10 used switches. To protect systems connected to a global funds transfer network.

The aforementioned two security weaknesses obviously put the bank at risk by making it much easier for hackers to break into the bank and attempt to make fraudulent money transfers using the bank’s SWIFT credentials – something that may end up putting people all over the world at risk as well.

This episode raises an important question: Would you have thought that a bank handling billions of dollars could be operating without well-configured firewalls – never mind without necessary firewalls altogether?
There is a tremendous lesson to be learned: Don’t assume anything when it comes to information security.
 
Loved the article? Can’t wait to take on the world of Information Security? Get a professional certification to position yourself at the front of the pack – and we’ve got special rates for our readers!

Find our CEH (V10)- Certified Ethical Hacker Online Classroom training classes in top cities:

Name Date Place
CEH (V10)- Certified Ethical Hacker 28 Sep -27 Oct 2018, Weekdays batch Your City View Details
CEH (V10)- Certified Ethical Hacker 12 Oct -10 Nov 2018, Weekdays batch Atlanta View Details
CEH (V10)- Certified Ethical Hacker 27 Oct -25 Nov 2018, Weekend batch Chicago View Details

About the Author

The author is the CEO of SecureMySocial, is a renowned cyber security thought leader and author of several books on the topic, including (ISC)2’s official study guide for the CISSP-ISSMP exam. Recognized by Onalytica as one of the top cyber-security influencers in the world, he is also the inventor of several IT Security technologies widely-used today; his work is cited in over 100 published US patent filings. He is also one of only 28 people worldwide to hold the suite of advanced information-security certifications, CISSP, ISSAP, ISSMP, and CSSLP, indicating that he possesses a rare, robust knowledge of information security that is both broad and deep.


{{detail.h1_tag}}

{{detail.display_name}}
{{author.author_name}} {{author.author_name}}

{{author.author_name}}

{{detail.full_name}}

Published on {{detail.created_at| date}} {{detail.duration}}

  • {{detail.date}}
  • Views {{detail.downloads}}
  • {{detail.time}} {{detail.time_zone_code}}

Registrants:{{detail.downloads}}

Downloaded:{{detail.downloads}}

About the {{detail.about_title && detail.about_title != null ? detail.about_title : 'On-Demand Webinar'}}

About the {{detail.about_title && detail.about_title != null ? detail.about_title : 'Webinar'}}

Hosted By

Profile

{{author.author_name}}

{{author.author_name}}

{{author.about_author}}

About the {{detail.about_title && detail.about_title != null ? detail.about_title : 'Ebook' }}

About the {{detail.about_title && detail.about_title != null ? detail.about_title : 'Ebook' }}

View {{detail.about_title && detail.about_title != null ? detail.about_title : 'On-Demand Webinar'}}

Webcast

Register Now!

Download the {{detail.about_title && detail.about_title != null ? detail.about_title : 'Ebook'}}!

First Name*
Last Name*
Email*
Company*
Phone Number*

View {{detail.about_title && detail.about_title != null ? detail.about_title : 'On-Demand Webinar'}}

Webcast

Register Now!

{{detail.about_title && detail.about_title != null ? detail.about_title : 'Webinar'}} Expired

Download the {{detail.about_title && detail.about_title != null ? detail.about_title : 'Ebook'}}

Email
{{ queryPhoneCode }}
Phone Number

Show full article video

Name Date Place
{{classRoomData.Date}} {{classRoomData.Place}} View Details

About the Author

{{detail.author_biography}}

About the Author

{{author.about_author}}