Banco de Chile publicly disclosed on 28 May that it had detected a virus, presumably from international networks, that affected thousands of its workstations. Now the bank has learned that the cyber-attack was malware and resulted in attackers transferring approximately $10m via the bank’s SWIFT international money transfer systems.
Most of the money has been traced to locations in Hong Kong, and it is believed that a criminal group from Eastern Europe or Asia is responsible for the attack.
In its public declaration, Banco de Chile wrote, “Although these measures affected the quality of our services, they made it possible to ensure the integrity of the information and data at all times, so that the security of the transactions, funds and records of our clients will never be affected. “
As the investigation unfolded, though, it learned that the user accounts were never the target of the attack. The cyber-attack corrupted the master boot records (MBRs) of 9,000 PCs and servers, leaving them unable to be rebooted. Multiple branch computer systems were inoperable, though online systems remained up and running, according to Computing.
What appeared to be a virus was actually MBR Killer malware, according to Trend Micro. Presumably the malware was used as a distraction, and the bank responded as the attackers had hoped: It acted to protect customer accounts. Last weekend, the general manager of Banco de Chile, Eduardo Ebensperger, told La Tercera Pulso, “The event was intended to harm the bank, not the customers.”
Because the bank took measures to safeguard customer accounts by disconnecting approximately 9,000 workstations believed to be infected, attackers were able to steal millions of dollars from the bank.
“We found some strange transactions in the SWIFT system (where banks internationally remit their transactions to different countries). There we realized that the virus was not necessarily the underlying issue, but apparently they wanted to defraud the bank, ” Ebensperger said in an interview with El Pulso.
Calling the attack the first of this magnitude, Ebensperger said it comes as a harbinger of the changing threat landscape and that institutions like Banco de Chile must now rethink how they approach cybersecurity.
“We banks have turned to innovation, it seems that we have to go a little more carefully because the issue of cybersecurity must be untransferable. For us it was, it still is, but we must advance in more sophisticated things that we have not seen before, like this attack,” Ebensperger said.