Hackers try smaller amounts three years after $100-million heist
Three years after hackers managed to siphon off more than
$100 million from the Bangladeshi central bank’s account in the US Federal
Reserve, cyber criminals are going smaller.
In 2018, attempted fraudulent transactions ranged from
$250,000 and $2 million, down from tens of millions of dollars in the previous
two years, interbank messaging system Swift said in a report on Wednesday.
Almost all fraudulent transactions—83 percent—were sent to banks in the Asia-Pacific
region, while the targeted lenders were mostly located in countries rated
highly corrupt by international regulators, Swift said. Tajikistan, Mozambique
and Afghanistan topped those rankings in 2018.
“The higher the value of the instruction, the higher the
risk of triggering fraud-detection systems,” Swift said in the study. “Since
the cyber incident in Bangladesh, the amounts sent in individual fraudulent
transactions has evolved, making them harder to detect.”
Swift, which has more than 11,000 members globally,
introduced a set of cyber-security measures after the electronic heists of 2016
with targets that included the central bank of Bangladesh. It’s also provided
new services that member-banks can use to catch anomalies in their
wire-transfer orders.
As the attempted transfer amounts fell, hackers also started
sending their fraudulent orders during business hours, hoping they’d blend in
with legitimate Swift messages. In the past, such orders were typically sent
during holidays or outside regular hours to bypass human detection, Swift said.
It didn’t disclose the total amount cyber criminals tried to steal through
fraudulent messages last year or what percentage of attempts were successful.
Gloss