“The Bank did not experience financial loss in this incident,” it said. “There was no disruption to other payment and settlement systems that the Bank operates.”
But it advised financial institutions to be “vigilant of the heightened risk in cybersecurity and continue to strengthen their security safeguards.”
This is the second known cyber attack on a central bank, after the Bank of Bangladesh lost US$81 million in 2016. Fraudulent SWIFT transfer requests were also involved in that case.
“You didn’t actually catch the hackers,” Tom Kellerman, a former member of the World Bank security team told the Reuters news agency. “That adversary is still out there attempting to exploit the system.”
The Russian central bank said in February that a Russian financial institution lost the equivalent of US$6 million last year in a cyber attack using the SWIFT messaging system. Cyber attacks involving SWIFT messages have also been reported by Taiwan’s Far Eastern International Bank and Nepal’s NIC Asia Bank.
SWIFT officials have acknowledged that cyber theft attempts that target its system have been increasing and becoming more sophisticated. It launched a real-time payment controls service in 2017 as part of its Customer Security Program.
“The new fraud and cyber-crime prevention service will enable SWIFT customers to screen their payment messages according to their own chosen parameters, enabling them to immediately detect any unusual message flows before,” it said at the time.
SWIFT has not issued a statement on the Bank Negara case on its website, but it told Reuters in an e-mail that it has seen “no indication that our network and core messaging services have been compromised.”
Are you vulnerable?
SWIFT says its messaging platform, products and services connect more than 11,000 banking and securities organizations, market infrastructures and corporate customers in more than 200 countries and territories. In theory, any of those 11,000 customers could be at risk from cyber attacks, though alert institutions like Bank Negara can foil them — for now.
“After the attack on our central bank, SWIFT took several measures to protect the system globally, but yet this is happening, meaning criminals have more ability and more capable weapons,” Abu Hena Mohd. Razee Hassan, deputy governor of Bangladesh Bank, told Reuters in Dhaka.
“This is the time to further improve the financial transfer system globally.”