Foreign hackers had been attacking Philippine banks since late last year, and slowed down only after the theft of $81 million from the central bank of Bangladesh was discovered, the Inquirer learned on Friday.
The attacks—characterized as “probing attempts” to uncover weaknesses in banks’ computer systems—were made against many local financial institutions, according to information gathered by international cybersecurity firms quoted by a banker who spoke on condition of anonymity because the information was proprietary and confidential.
“We noticed that these cyberattacks increased in frequency sharply starting around November 2015, and died down only toward the end of March 2016,” the banker said.
The banker said the attempts to penetrate local banks’ computer systems abated when the investigation of the Bangladesh Bank heist gathered steam in the Philippines in March.
In that attack, hackers stole $81 million from the account of Bangladesh Bank in the Federal Reserve Bank of New York and laundered the money in the Philippines through Rizal Commercial Banking Corp., a foreign exchange broker and casinos.
Similar attacks
The hackers have been linked to an attack on a bank in the Philippines, in addition to the 2014 hack on Sony Pictures, according to US cybersecurity company Symantec Corp.
In a blog post published on Thursday, Symantec said it had “found evidence” that a Philippine bank “has also been attacked by the group that stole $81 million from the Bangladesh central bank and attempted to steal over $1 million from the Tien Phong Bank in Vietnam.”
Reuters reported on the Symantec statement on Friday.
Symantec did not identify the Philippine bank or say whether any money was stolen, but said the attacks could be traced back to October last year.
Central Bank deputy governor Nestor Espenilla told Reuters that no bank in the country had lost money to hackers, although he did not rule out the possibility of cyberattacks.
“We are checking if there are similar attacks on Philippine banks,” Espenilla said. “However, no reported losses so far.”
He added: “It is one thing to be attacked. It is another to lose money.”
North Korea blamed
Symantec did not identify the hackers, but the United States has blamed the attack on Sony on North Korea.
Cybersecurity firm BAE Systems also said this month that the distinctive computer code used to erase the tracks of hackers in the Bangladesh Bank heist was similar to code used to attack Sony.
“Malware used by the group was also deployed in targeted attacks against a bank in the Philippines,” Symantec said. “In addition to this, some of the tools used share code similarities with malware used in historic attacks linked to a threat group known as Lazarus.”
Malware is a term for the “malicious software” surreptitiously installed by hackers into the computer systems of their targets, like banks or government agencies, with the aim of exploiting vulnerabilities, stealing funds or information, or simply to cripple their operations.
Symantec has identified three pieces of malware used in limited targeted attacks against the financial industry in Southeast Asia, with one found to have been connected to the Lazarus group of hackers.
“Lazarus has been linked to a string of aggressive attacks since 2009, largely focused on targets in the US and South Korea,” Symantec said.
“There is a pretty hard connection now to the Sony attacks and the actor behind them” and the Bangladesh heist, Eric Chien, technical director at Symantec, told Reuters in an interview.
Chien said if North Korea was responsible for the hacks on banks via the Swift (or the Society for Worldwide Interbank Financial Telecommunication) messaging network, it would represent the first known episode of a nation-state stealing money in a cyberattack.
Swift alert
Symantec said the attack on Bangladesh Bank triggered an alert by the Swift international payments network after it was found that the attackers had used malware to cover up evidence of fraudulent transfers.
“Swift issued a further warning, saying that it had found evidence of malware being used against another bank in a similar fashion,” Symantec said.
“Vietnam’s Tien Phong Bank subsequently stated that it intercepted a fraudulent transfer of over $1 million in the fourth quarter of last year. Swift concluded that the second attack indicates that a ‘wider and highly adaptive campaign’ is under way targeting banks.”
A third bank, Banco del Austro in Ecuador, was also reported to have lost $12 million to attackers using fraudulent Swift transactions. “However, no details are currently known about the tools used in this incident or if there are any links to the attacks in Asia,” Symantec said.
Swift this week urged banks to bolster their security, saying it was aware of multiple attacks.
Symantec said the discovery of more attacks “provides further evidence that the group involved is conducting a wide campaign against financial targets in the region.”
“While awareness of the threat posed by the group has now been raised, its initial success may prompt other attack groups to launch similar attacks. Banks and other financial institutions should remain vigilant,” Symantec said.
RELATED STORIES
Bank exec assures: PH banks secure from hackers
Hackers steal $100M from Bangladesh bank
PH blocks $870M stolen from Bangladesh