Bangladesh Bank Heist
Mohammed Jaseem
Agenda
1. Abstract
2. Introduction
3. Case Presentation
4. Discussion
5. References
10-03-2021 CPT Case Study 2
Abstract
The Bangladesh Bank heist was a series of unauthorized
transactions issued from an official computer of the central bank of
Bangladesh. The transactions were made through the SWIFT system
to deliver the money to accounts in Sri Lanka and the
Philippines. The amount targeted by the theft was nearly
$1 Billion, but most of the payment orders were blocked and
some of the assets have since been successfully recovered.
The origin of the attack has so far been attributed to
the hacker group Lazarus and North Korea.
Introduction
As cyberspace has become an embedded element of contemporary
society, banks too have become vulnerable to cyber attacks.
Financial transactions all over the world are conducted digitally via
computer networks, and banks are struggling with security issues in the
never-ending race against malicious hacker groups. Banks have
traditionally been perceived as trustworthy actors when it comes to
cyber security, but history knows multiple cases of successful cyber
attacks against banks. These successful and devastating attacks have
also led to a growing fear of cyber attacks amongst banks (Schuetze,
2016; Kuepper, 2017).
Case Presentation
Timeline of the attack
• The first preparatory steps for the Bangladesh Bank attack were taken
in May 2015, when four bank accounts were opened in a Philippine bank
to be ready for future transactions. None of the accounts was used until
the day of the attack; they were clearly established for the attack only.
• The first failure in the audit process was that none of these
accounts or their owners was authenticated in a way that would have
checked the validity of either the owners or their transactions.
• Such a procedure during the opening of a bank account is not
unusual, but the bursts of activity that occurred in February 2016 should have
triggered actions under sound audit procedures.
• The breach of the Bangladesh Bank was made in January 2016.
• Access to the bank’s servers made it possible to break into the SWIFT
network and inject malware into it, as it was not separated from the other
parts of the bank’s network.
• It is very likely that the attackers also installed a keylogger to obtain
the passwords used for authorizing the transactions.
• The target of the attack was the SWIFT Alliance Access software,
which is widely used in banks around the world.
• The attack itself started on February 4, 2016, with 35
payment instructions worth $951M sent to the Federal Reserve Bank.
• The first five transactions were completed, but the
remaining ones were successfully blocked, partly because of
mistakes made by the attackers.
• The destinations of the completed payments were in the Philippines and Sri
Lanka, worth about $100M in total.
• The unauthorized messages were noticed in Bangladesh
Bank on February 8.
Detection
• The Guardian (2016b) reported that a bank heist worth almost 1
billion US dollars had been averted thanks to a spelling mistake in a
payment transaction, which prevented the automatic system from
completing the transaction.
• As a result, Deutsche Bank had flagged the transaction as
suspect.
• Nevertheless, as the transaction had been approved by the
Fed, it was forwarded to Sri Lanka. There, the transaction
was caught by a banking official at the receiving bank, as the
transfer was unusually large for Sri Lanka.
• Before clearing the transfer, the Sri Lankan official
contacted Deutsche Bank, which responded that the transfer
was indeed suspect.
• As the recipient turned out to be a fake entity, the bank was able to
freeze the funds and ultimately return them to the originating bank.
• Out of the reported total sum of $870m across all transactions, the attackers
managed to transfer only $81m.
• The Fed alerted the central bank of Bangladesh after detecting that the
number of transfers to non-banking entities had surged. Without the
spelling mistake and the diligent work of banking officials, the attackers
could have got away with a far larger sum of money after
successfully inserting the forged transactions into the SWIFT network.
Identity of the attacker
• Although the attacker tried to remove all evidence from the bank’s
systems, Kaspersky (2017a) managed to access some of the
data through backups of the systems.
• The recovered files indicate that the techniques and tools
used in the attack can be linked to a group known as
Lazarus.
• Kaspersky summarizes the activities of the Lazarus group as
follows:
“Its malware has been found in many serious cyberattacks, such as the
massive data leak and file wiper attack on Sony Pictures Entertainment in 2014;
the cyberespionage campaign in South Korea, dubbed Operation Troy, in 2013;
and Operation DarkSeoul, which attacked South Korean media and financial
companies in 2013.”
• The malware is identical to the malware used in some of the
incidents mentioned above.
• Even though parts of the code have been modified, probably
in order to change the signature of the malware and avoid
detection by automated traffic-analysis tools, the malware
samples from the different incidents share some obscure
techniques, which suggests that the payload used in both attacks could come
from the same author or group.
• One of the obscure techniques found by Kaspersky (2017a)
is the complete overwriting of file contents and renaming of the file
before deletion. Overwriting the file content, possibly multiple
times, is commonly used to try to remove the data from the
physical device and hinder forensic data recovery attempts.
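The overwrite, rename and delete sequence described above is also a detectable pattern from the defender's side: when file-activity auditing is in place, the three steps land on the same file within seconds. The following is an added example, not code from the presentation or from Kaspersky, showing how such audit records can be correlated. The record format, the file ids and the events themselves are constructed for the example; a real deployment would feed it from whatever file-audit source the bank's endpoint telemetry provides.

```python
"""Spot the overwrite -> rename -> delete anti-forensic pattern in file-activity
audit records.  Added illustration: the record format and the events below are
constructed for this example, not Kaspersky's data or any real product's log."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit records: (timestamp, operation, file id, detail).
# A stable file id (such as an inode or file reference number) lets us
# follow one file across a rename, which a path alone cannot do.
SAMPLE_EVENTS = [
    ("2016-02-05T01:12:03", "write",  "f100", {"offset": 0, "length": 4096, "size": 4096}),
    ("2016-02-05T01:12:03", "write",  "f100", {"offset": 0, "length": 4096, "size": 4096}),
    ("2016-02-05T01:12:04", "rename", "f100", {"old": "C:\\swift\\log\\tx.log", "new": "C:\\swift\\log\\aaaa"}),
    ("2016-02-05T01:12:04", "unlink", "f100", {"path": "C:\\swift\\log\\aaaa"}),
    # Ordinary activity: a partial write and a later delete of a temp file.
    ("2016-02-05T09:30:00", "write",  "f200", {"offset": 2048, "length": 512, "size": 8192}),
    ("2016-02-05T09:31:00", "unlink", "f200", {"path": "C:\\temp\\report.tmp"}),
]


def parse_ts(text):
    return datetime.fromisoformat(text)


def is_full_overwrite(detail):
    """A write starting at offset 0 that covers the whole current file size."""
    return detail["offset"] == 0 and detail["length"] >= detail["size"]


def find_wipe_sequences(events, window=timedelta(seconds=60)):
    """Return one finding per file that was fully overwritten, then renamed,
    then unlinked, with all three steps inside `window`."""
    by_file = defaultdict(list)
    for ts, op, fid, detail in events:
        by_file[fid].append((parse_ts(ts), op, detail))

    findings = []
    for fid, evs in by_file.items():
        evs.sort(key=lambda e: e[0])
        overwrites = [e for e in evs if e[1] == "write" and is_full_overwrite(e[2])]
        if not overwrites:
            continue
        first_overwrite = overwrites[0][0]
        rename = next((e for e in evs if e[1] == "rename" and e[0] >= first_overwrite), None)
        if rename is None:
            continue
        unlink = next((e for e in evs if e[1] == "unlink" and e[0] >= rename[0]), None)
        if unlink is None or unlink[0] - first_overwrite > window:
            continue
        findings.append({
            "file_id": fid,
            "original_path": rename[2]["old"],   # name before it was disguised
            "overwrite_passes": len(overwrites),  # multiple passes strengthen the signal
            "seconds": (unlink[0] - first_overwrite).total_seconds(),
        })
    return findings


if __name__ == "__main__":
    for finding in find_wipe_sequences(SAMPLE_EVENTS):
        print(finding)
```

The key design choice is to key on a stable file identifier rather than on the path: the rename step exists precisely to break path-based correlation, and a rule that follows the path would see an unrelated file being deleted. The partial write on `f200` shows the filter at work; a normal edit followed by a delete does not match.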
• However, when combing through the logs of a more recent
incident linked to the Lazarus group, Kaspersky (2017b)
found a link to North Korea.
• While criminals usually mask their real location and IP
addresses by using VPN services and proxies, the server
logs of a seized Command & Control server indicated that
the server had been accessed once from a North Korean IP
address.
• While an IP address is not really solid evidence of North
Korea’s involvement in the group’s activities, it is nevertheless
compelling to consider that the connection could indeed
originate from the operator’s real IP address.
• It is entirely possible that either human error or
misconfiguration led some of the operator’s network
traffic to be routed directly to the host instead of
through a network of proxies and VPNs.
Discussion
Conclusion
• In addition to the monetary loss of $81m, the incident severely harmed
trust in the IT systems of the global banking sector.
• SWIFT’s model seems to have failed to provide a layered security
approach, which allowed the attackers to exploit the system without
compromising the core servers of the SWIFT network.
• SWIFT has taken action and warned member banks about the
growing threat against the financial network, but the potential scale of
damage shown in the Bangladesh Central Bank case calls for more
concrete measures: a system-level revision of the financial network.
• Weekend protocols should also be considered a
vulnerability in the banking sector.
• The success of the heist relied mostly on its timing over a
weekend: the lack of sufficient monitoring and means of
communication during the weekend meant that the
unauthorized transactions were not noticed until four days
after the attack.
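The Detection slides above describe three signals that stopped most of the transfers: a surge in payments to non-banking entities, an amount that was unusually large for the receiving corridor, and, from the conclusion just drawn, instructions issued while the originating bank was closed for the weekend. The following added example, which is not code from the presentation, from SWIFT or from any bank, turns those three signals into automated screening rules over a batch of outgoing instructions. The record format, the baseline figures, the business hours and the weekend days (Friday and Saturday, assumed here as the originator's local weekend) are all constructed assumptions; a bank would derive the baselines from its own payment history.

```python
"""Screening rules for outgoing payment instructions, modelled on the signals
that caught the Bangladesh Bank transfers: a surge of payments to non-bank
beneficiaries, an amount unusually large for the receiving corridor, and
instructions issued while the originating bank is closed.  Added illustration
with a constructed record format; not SWIFT's or any bank's actual logic."""
from collections import Counter
from datetime import datetime

# Constructed instruction records (hypothetical simplification of a payment
# message).  Amounts are in a single notional currency.
SAMPLE_INSTRUCTIONS = [
    {"id": "TX001", "sent": "2016-02-01T11:00:00", "amount": 1_200_000,  "bene_country": "US", "bene_is_bank": True},
    {"id": "TX002", "sent": "2016-02-02T14:30:00", "amount": 800_000,    "bene_country": "LK", "bene_is_bank": True},
    {"id": "TX003", "sent": "2016-02-04T23:50:00", "amount": 20_000_000, "bene_country": "LK", "bene_is_bank": False},
    {"id": "TX004", "sent": "2016-02-04T23:52:00", "amount": 25_000_000, "bene_country": "PH", "bene_is_bank": False},
    {"id": "TX005", "sent": "2016-02-04T23:55:00", "amount": 30_000_000, "bene_country": "PH", "bene_is_bank": False},
    {"id": "TX006", "sent": "2016-02-05T00:10:00", "amount": 6_000_000,  "bene_country": "PH", "bene_is_bank": False},
]

# Assumed baselines a bank would derive from its own history (constructed).
TYPICAL_AMOUNT_BY_COUNTRY = {"US": 5_000_000, "LK": 1_000_000, "PH": 2_000_000}
LARGE_MULTIPLIER = 5            # more than 5x the corridor norm is "unusually large"
NONBANK_BASELINE_PER_DAY = 1    # historical non-bank transfers per calendar day
SURGE_FACTOR = 3                # 3x the baseline counts as a surge
BUSINESS_HOURS = (9, 17)        # assumed originator desk hours, local time
WEEKEND_DAYS = {4, 5}           # assumed originator weekend: Friday (4), Saturday (5)


def sent_at(rec):
    return datetime.fromisoformat(rec["sent"])


def unusually_large(rec):
    """Amount far above what normally flows to the beneficiary's country."""
    typical = TYPICAL_AMOUNT_BY_COUNTRY.get(rec["bene_country"])
    return typical is not None and rec["amount"] > LARGE_MULTIPLIER * typical


def outside_business_hours(rec):
    """Issued on the originator's weekend or outside its desk hours, when
    nobody is available to confirm the instruction quickly."""
    when = sent_at(rec)
    start, end = BUSINESS_HOURS
    return when.weekday() in WEEKEND_DAYS or not (start <= when.hour < end)


def nonbank_surge_days(instructions):
    """Calendar days on which transfers to non-bank beneficiaries exceed
    SURGE_FACTOR times the historical baseline."""
    per_day = Counter(sent_at(r).date() for r in instructions if not r["bene_is_bank"])
    return {day for day, n in per_day.items() if n >= SURGE_FACTOR * NONBANK_BASELINE_PER_DAY}


def screen(instructions):
    """Map each flagged instruction id to the list of rules it tripped.
    Flagged instructions are held for manual confirmation, not auto-released."""
    surge_days = nonbank_surge_days(instructions)
    flagged = {}
    for rec in instructions:
        reasons = []
        if unusually_large(rec):
            reasons.append("amount_unusual_for_corridor")
        if outside_business_hours(rec):
            reasons.append("outside_originator_business_hours")
        if not rec["bene_is_bank"] and sent_at(rec).date() in surge_days:
            reasons.append("nonbank_beneficiary_surge")
        if reasons:
            flagged[rec["id"]] = reasons
    return flagged


if __name__ == "__main__":
    for tx_id, reasons in screen(SAMPLE_INSTRUCTIONS).items():
        print(tx_id, ", ".join(reasons))
```

Each rule is deliberately cheap and explainable, because the value in the case above came from a human being able to act on a flag before funds cleared; a rule that fires but cannot say why gives the weekend duty officer nothing to confirm. The surge rule is computed per calendar day, so the instruction just after midnight (`TX006`) is caught only by the business-hours rule, which is why a production version would use a rolling window rather than a date boundary.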
• Kaspersky, however, as a Russian company, has also pointed to
North Korea’s possible involvement in the bank heists
conducted by Lazarus. Whoever or whatever organization
was eventually behind the bank heist, the most important
thing is to focus on revising and enhancing the
cybersecurity of financial messaging networks and the
cybersecurity strategies of individual banks.
“Unless and until our society recognizes cyber bullying for what it is, the suffering of thousands of silent victims will continue”
Anna Maria Chavez
Thank you
Mohammed Jaseem
Jaseem@relicstudio.dev
www.jaseem.tech
11-03-2020 CPT Case Study 26

More Related Content

What's hot

SWIFT - Clearing and Settlement
SWIFT - Clearing and Settlement SWIFT - Clearing and Settlement
SWIFT - Clearing and Settlement Aman Lalpuria
 
Tracxn Research: Payments Landscape, October 2016
Tracxn Research: Payments Landscape, October 2016Tracxn Research: Payments Landscape, October 2016
Tracxn Research: Payments Landscape, October 2016Tracxn
 
Introduction to Digital Financial Services
Introduction to Digital Financial ServicesIntroduction to Digital Financial Services
Introduction to Digital Financial ServicesCGAP
 
Anti Money Laundering Presentation
Anti Money Laundering PresentationAnti Money Laundering Presentation
Anti Money Laundering PresentationAudrius Sapola
 
The ANTI-MONEYLAUNDERING LEGAL FRAMEWORK
The ANTI-MONEYLAUNDERING LEGAL FRAMEWORK The ANTI-MONEYLAUNDERING LEGAL FRAMEWORK
The ANTI-MONEYLAUNDERING LEGAL FRAMEWORK Melissa Cammarata
 
Trade Based Money Laundering
Trade Based Money LaunderingTrade Based Money Laundering
Trade Based Money LaunderingSaiful Islam
 
Trade based money laundering dr. arefin , dg (prevention ) acc) on 23 may 2017
Trade based money laundering dr. arefin , dg (prevention ) acc) on 23 may 2017Trade based money laundering dr. arefin , dg (prevention ) acc) on 23 may 2017
Trade based money laundering dr. arefin , dg (prevention ) acc) on 23 may 2017Shamsul Arefin
 
The Digital Financial Services landscape
The Digital Financial Services landscapeThe Digital Financial Services landscape
The Digital Financial Services landscapePeter Zetterli
 
AML Sanctions Presentation
AML Sanctions PresentationAML Sanctions Presentation
AML Sanctions Presentationwilliamsmcguire
 
Anti-Money Laundering and Counter Financing of Terrorism
Anti-Money Laundering and Counter Financing of TerrorismAnti-Money Laundering and Counter Financing of Terrorism
Anti-Money Laundering and Counter Financing of TerrorismPuni Hariaratnam
 
Fraud forgery and scams powerpoint
Fraud forgery and scams powerpointFraud forgery and scams powerpoint
Fraud forgery and scams powerpointmortgagerateutah
 
Anti money laundering - PEPs
Anti money laundering - PEPsAnti money laundering - PEPs
Anti money laundering - PEPsBesart Qerimi
 
Cash management workshop english
Cash management workshop englishCash management workshop english
Cash management workshop englishicgfmconference
 
SVB Crisis Report.pdf
SVB Crisis Report.pdfSVB Crisis Report.pdf
SVB Crisis Report.pdfRoy Ahuja
 
An in depth presentation of Cryptocurrency.
An in depth presentation of Cryptocurrency.An in depth presentation of Cryptocurrency.
An in depth presentation of Cryptocurrency.SanjeebSamanta1
 

What's hot (20)

SWIFT - Clearing and Settlement
SWIFT - Clearing and Settlement SWIFT - Clearing and Settlement
SWIFT - Clearing and Settlement
 
Tracxn Research: Payments Landscape, October 2016
Tracxn Research: Payments Landscape, October 2016Tracxn Research: Payments Landscape, October 2016
Tracxn Research: Payments Landscape, October 2016
 
Introduction to Digital Financial Services
Introduction to Digital Financial ServicesIntroduction to Digital Financial Services
Introduction to Digital Financial Services
 
Anti Money Laundering Presentation
Anti Money Laundering PresentationAnti Money Laundering Presentation
Anti Money Laundering Presentation
 
Payment systems
Payment systemsPayment systems
Payment systems
 
The ANTI-MONEYLAUNDERING LEGAL FRAMEWORK
The ANTI-MONEYLAUNDERING LEGAL FRAMEWORK The ANTI-MONEYLAUNDERING LEGAL FRAMEWORK
The ANTI-MONEYLAUNDERING LEGAL FRAMEWORK
 
Trade Based Money Laundering
Trade Based Money LaunderingTrade Based Money Laundering
Trade Based Money Laundering
 
An introduction to SWIFT gpi
An introduction to SWIFT gpiAn introduction to SWIFT gpi
An introduction to SWIFT gpi
 
Trade based money laundering dr. arefin , dg (prevention ) acc) on 23 may 2017
Trade based money laundering dr. arefin , dg (prevention ) acc) on 23 may 2017Trade based money laundering dr. arefin , dg (prevention ) acc) on 23 may 2017
Trade based money laundering dr. arefin , dg (prevention ) acc) on 23 may 2017
 
Payment systems
Payment systemsPayment systems
Payment systems
 
The Digital Financial Services landscape
The Digital Financial Services landscapeThe Digital Financial Services landscape
The Digital Financial Services landscape
 
AML Sanctions Presentation
AML Sanctions PresentationAML Sanctions Presentation
AML Sanctions Presentation
 
Anti-Money Laundering and Counter Financing of Terrorism
Anti-Money Laundering and Counter Financing of TerrorismAnti-Money Laundering and Counter Financing of Terrorism
Anti-Money Laundering and Counter Financing of Terrorism
 
Fraud forgery and scams powerpoint
Fraud forgery and scams powerpointFraud forgery and scams powerpoint
Fraud forgery and scams powerpoint
 
Anti money laundering - PEPs
Anti money laundering - PEPsAnti money laundering - PEPs
Anti money laundering - PEPs
 
Cash management workshop english
Cash management workshop englishCash management workshop english
Cash management workshop english
 
SVB Crisis Report.pdf
SVB Crisis Report.pdfSVB Crisis Report.pdf
SVB Crisis Report.pdf
 
Traditional & online banking
Traditional & online bankingTraditional & online banking
Traditional & online banking
 
An in depth presentation of Cryptocurrency.
An in depth presentation of Cryptocurrency.An in depth presentation of Cryptocurrency.
An in depth presentation of Cryptocurrency.
 
PPT Wells Fargo
PPT  Wells FargoPPT  Wells Fargo
PPT Wells Fargo
 

Similar to Bangladesh bank heist case study!

Swift-cyber-attacks.pptx
Swift-cyber-attacks.pptxSwift-cyber-attacks.pptx
Swift-cyber-attacks.pptxAmineRached2
 
Could the Attacks on the SWIFT Network Have Been Prevented?
Could the Attacks on the SWIFT Network Have Been Prevented?Could the Attacks on the SWIFT Network Have Been Prevented?
Could the Attacks on the SWIFT Network Have Been Prevented?Easy Solutions Inc
 
White paper Real Time Transaction Analysis and fraudulent transaction detecti...
White paper Real Time Transaction Analysis and fraudulent transaction detecti...White paper Real Time Transaction Analysis and fraudulent transaction detecti...
White paper Real Time Transaction Analysis and fraudulent transaction detecti...Ajay Alex
 
Exploring DDoS Attacks: Impact to Community Financial Institutions
Exploring DDoS Attacks: Impact to Community Financial InstitutionsExploring DDoS Attacks: Impact to Community Financial Institutions
Exploring DDoS Attacks: Impact to Community Financial InstitutionsJay McLaughlin
 
Survival Guide for Million- Dollar Cyberattacks
 Survival Guide for Million- Dollar Cyberattacks Survival Guide for Million- Dollar Cyberattacks
Survival Guide for Million- Dollar CyberattacksPanda Security
 
Whitepaper Real Time Transaction Analysis And Fraudulent Transaction Detect...
Whitepaper   Real Time Transaction Analysis And Fraudulent Transaction Detect...Whitepaper   Real Time Transaction Analysis And Fraudulent Transaction Detect...
Whitepaper Real Time Transaction Analysis And Fraudulent Transaction Detect...Alan McSweeney
 
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...TI Safe
 
Practical risk management for the multi cloud
Practical risk management for the multi cloudPractical risk management for the multi cloud
Practical risk management for the multi cloudUlf Mattsson
 
Francophoned – A Sophisticated Social Engineering AttackBy Syma.docx
Francophoned – A Sophisticated Social Engineering AttackBy Syma.docxFrancophoned – A Sophisticated Social Engineering AttackBy Syma.docx
Francophoned – A Sophisticated Social Engineering AttackBy Syma.docxbudbarber38650
 
Neo4j im Einsatz gegen Geldwäsche und Finanzbetrug - Teil 2
Neo4j im Einsatz gegen Geldwäsche und Finanzbetrug - Teil 2Neo4j im Einsatz gegen Geldwäsche und Finanzbetrug - Teil 2
Neo4j im Einsatz gegen Geldwäsche und Finanzbetrug - Teil 2Neo4j
 
Blockchain and Cybersecurity
Blockchain and Cybersecurity Blockchain and Cybersecurity
Blockchain and Cybersecurity gppcpa
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
Mitigating Cyber-Threat in the Financial Industry of Bangladesh using Biometr...
Mitigating Cyber-Threat in the Financial Industry of Bangladesh using Biometr...Mitigating Cyber-Threat in the Financial Industry of Bangladesh using Biometr...
Mitigating Cyber-Threat in the Financial Industry of Bangladesh using Biometr...Dr. Amarjeet Singh
 
Blockchain for Anti Money Laundering (AML) Transaction Monitoring
Blockchain for Anti Money Laundering (AML) Transaction MonitoringBlockchain for Anti Money Laundering (AML) Transaction Monitoring
Blockchain for Anti Money Laundering (AML) Transaction MonitoringFloyd DCosta
 
B20: AMLO | FinTecha and New Technologies: AML/CTF Perspectives (5 Jul 2017)
B20: AMLO | FinTecha and New Technologies: AML/CTF Perspectives (5 Jul 2017)B20: AMLO | FinTecha and New Technologies: AML/CTF Perspectives (5 Jul 2017)
B20: AMLO | FinTecha and New Technologies: AML/CTF Perspectives (5 Jul 2017)Kullarat Phongsathaporn
 

Similar to Bangladesh bank heist case study! (20)

Swift-cyber-attacks.pptx
Swift-cyber-attacks.pptxSwift-cyber-attacks.pptx
Swift-cyber-attacks.pptx
 
Could the Attacks on the SWIFT Network Have Been Prevented?
Could the Attacks on the SWIFT Network Have Been Prevented?Could the Attacks on the SWIFT Network Have Been Prevented?
Could the Attacks on the SWIFT Network Have Been Prevented?
 
White paper Real Time Transaction Analysis and fraudulent transaction detecti...
White paper Real Time Transaction Analysis and fraudulent transaction detecti...White paper Real Time Transaction Analysis and fraudulent transaction detecti...
White paper Real Time Transaction Analysis and fraudulent transaction detecti...
 
Exploring DDoS Attacks: Impact to Community Financial Institutions
Exploring DDoS Attacks: Impact to Community Financial InstitutionsExploring DDoS Attacks: Impact to Community Financial Institutions
Exploring DDoS Attacks: Impact to Community Financial Institutions
 
Banks and cybersecurity v2
Banks and cybersecurity v2Banks and cybersecurity v2
Banks and cybersecurity v2
 
Banks and cybersecurity v2
Banks and cybersecurity v2Banks and cybersecurity v2
Banks and cybersecurity v2
 
Survival Guide for Million- Dollar Cyberattacks
 Survival Guide for Million- Dollar Cyberattacks Survival Guide for Million- Dollar Cyberattacks
Survival Guide for Million- Dollar Cyberattacks
 
Whitepaper Real Time Transaction Analysis And Fraudulent Transaction Detect...
Whitepaper   Real Time Transaction Analysis And Fraudulent Transaction Detect...Whitepaper   Real Time Transaction Analysis And Fraudulent Transaction Detect...
Whitepaper Real Time Transaction Analysis And Fraudulent Transaction Detect...
 
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
 
Practical risk management for the multi cloud
Practical risk management for the multi cloudPractical risk management for the multi cloud
Practical risk management for the multi cloud
 
Francophoned – A Sophisticated Social Engineering AttackBy Syma.docx
Francophoned – A Sophisticated Social Engineering AttackBy Syma.docxFrancophoned – A Sophisticated Social Engineering AttackBy Syma.docx
Francophoned – A Sophisticated Social Engineering AttackBy Syma.docx
 
Neo4j im Einsatz gegen Geldwäsche und Finanzbetrug - Teil 2
Neo4j im Einsatz gegen Geldwäsche und Finanzbetrug - Teil 2Neo4j im Einsatz gegen Geldwäsche und Finanzbetrug - Teil 2
Neo4j im Einsatz gegen Geldwäsche und Finanzbetrug - Teil 2
 
Blockchain and Cybersecurity
Blockchain and Cybersecurity Blockchain and Cybersecurity
Blockchain and Cybersecurity
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools Tactics
 
8. cyber51-case-studies
8. cyber51-case-studies8. cyber51-case-studies
8. cyber51-case-studies
 
CYBER CRIME
CYBER CRIMECYBER CRIME
CYBER CRIME
 
Mitigating Cyber-Threat in the Financial Industry of Bangladesh using Biometr...
Mitigating Cyber-Threat in the Financial Industry of Bangladesh using Biometr...Mitigating Cyber-Threat in the Financial Industry of Bangladesh using Biometr...
Mitigating Cyber-Threat in the Financial Industry of Bangladesh using Biometr...
 
Blockchain for Anti Money Laundering (AML) Transaction Monitoring
Blockchain for Anti Money Laundering (AML) Transaction MonitoringBlockchain for Anti Money Laundering (AML) Transaction Monitoring
Blockchain for Anti Money Laundering (AML) Transaction Monitoring
 
B20: AMLO | FinTecha and New Technologies: AML/CTF Perspectives (5 Jul 2017)
B20: AMLO | FinTecha and New Technologies: AML/CTF Perspectives (5 Jul 2017)B20: AMLO | FinTecha and New Technologies: AML/CTF Perspectives (5 Jul 2017)
B20: AMLO | FinTecha and New Technologies: AML/CTF Perspectives (5 Jul 2017)
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business Ready
 

Recently uploaded

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 

Recently uploaded (20)

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 

Bangladesh bank heist case study!

  • 2. Agenda
    1. Abstract
    2. Introduction
    3. Case Presentation
    4. Discussion
    5. References
  • 3. Abstract
    • The Bangladesh bank heist was a series of unauthorized transactions made from an official computer of the central bank of Bangladesh.
    • The transactions were made using the SWIFT system to deliver the money to accounts in Sri Lanka and the Philippines.
    • The amount of money targeted by the theft was nearly $1 billion, but most of the payment orders were blocked, and there have been some successful attempts to recover assets.
    • Currently the origin of the attack has been connected to the hacker group Lazarus and North Korea.
  • 4. Introduction
    • As cyberspace has become an embedded element of contemporary society, banks too have become vulnerable to cyber attacks.
    • Financial transactions all over the world are conducted digitally via computer networks, and banks are struggling with security issues in the never-ending race against malicious hacker groups.
    • Banks have traditionally been perceived as trustworthy actors when it comes to cyber security, but history knows multiple cases of successful cyber attacks against banks. These successful and devastating attacks have also led to a growing fear of cyber attacks amongst banks (Schuetze, 2016; Kuepper, 2017).
  • 6. Timeline of the attack
    • The first steps towards the Bangladesh bank attack were taken in May 2015, when four bank accounts were opened in a Philippine bank in readiness for future transactions. None of the accounts was used until the day of the attack; they were clearly set up for the attack only.
    • The first failure in the audit process was that none of these accounts or their owners was authenticated, to check the validity of either the owners or the transactions.
  • 7. Timeline of the attack
    • Such a procedure is not unusual when an account is opened, but the bursts of activity that occurred in February 2016 should have triggered safe audit procedures.
    • Bangladesh Bank was breached in January 2016.
    • Access to the bank's servers made it possible to reach the SWIFT network and inject malware into it, as it was not separated from the other parts of the network.
  • 8. Timeline of the attack
    • It is very likely that the attackers also installed a keylogger to obtain the passwords for authorizing the transactions.
    • The target of the attack was the SWIFT Alliance Access software, which is used widely in banks around the world.
    • The attack itself started on February 4, 2016, with 35 payment instructions worth $951M sent to the Federal Reserve Bank.
  • 9. Timeline of the attack
    • The first five of the transactions were completed, but the remaining ones were successfully blocked, partly because of mistakes made by the attackers.
    • The payments' destinations were in the Philippines and Sri Lanka and were worth about $100M.
    • The unauthorized messages were noticed at Bangladesh Bank on February 8.
  • 11. Detection
    • The Guardian (2016b) reported that a bank heist worth almost 1 billion US dollars had been averted thanks to a spelling mistake in the payment transaction, which prevented the automatic system from completing the transaction.
    • As a result, Deutsche Bank had flagged the transaction as suspect.
  • 12. Detection
    • Nevertheless, as the transaction had been approved by the Fed, it was forwarded to Sri Lanka. There, the transaction was caught by a banking official in the receiving bank, as the transfer was unusually large for Sri Lanka.
    • Before clearing the transfer, the Sri Lankan official contacted Deutsche Bank, which responded that the transfer was indeed suspect.
  • 13. Detection
    • As the recipient turned out to be a fake entity, the bank was able to freeze the funds and ultimately return them to the originating bank.
    • Of the reported total of $870m in transactions, the attackers managed to transfer only $81m.
    • The Fed alerted the central bank of Bangladesh after detecting that the number of transfers to non-banking entities had surged. Without the spelling mistake and the diligent work of banking officials, the attackers could have got away with a far more substantial sum of money after successfully inserting the forged transactions into the SWIFT network.
  • 14. Case Presentation: Identity of the attacker
  • 15. Identity of the attacker
    • Although the attacker tried to remove all evidence from the bank's systems, Kaspersky (2017a) managed to access some of the data through backups of the systems.
    • The recovered files indicate that the techniques and tools used in the attack can be linked to a group known as Lazarus.
  • 16. Identity of the attacker
    • Kaspersky summarizes the activities of the Lazarus group as follows: "Its malware has been found in many serious cyberattacks, such as the massive data leak and file wiper attack on Sony Pictures Entertainment in 2014; the cyberespionage campaign in South Korea, dubbed Operation Troy, in 2013; and Operation DarkSeoul, which attacked South Korean media and financial companies in 2013."
  • 17. Identity of the attacker
    • The malware is identical to the malware used in some of the incidents mentioned above.
    • Even though parts of the code have been modified, probably in order to change the signature of the malware and avoid detection by automated traffic-analysis tools, the malware samples from the different incidents share some obscure techniques,
  • 18. Identity of the attacker
    • which suggests that the payload used in both attacks could come from the same author or group.
    • One of the obscure techniques found by Kaspersky (2017a) is the complete rewrite of a file's contents and renaming of the file before deletion. Rewriting file contents, possibly multiple times, is commonly used to remove the data from the physical device and hinder forensic data recovery attempts.
  • 19. Identity of the attacker
    • However, when combing through logs of a more recent incident linked to the Lazarus group, Kaspersky (2017b) found a link to North Korea.
    • While criminals usually mask their real location and IP addresses by using VPN services and proxies, the server logs of a seized command-and-control server indicated that the server had been accessed once from a North Korean IP address.
  • 20. Identity of the attacker
    • While an IP address is not really solid evidence of North Korea's involvement in the group's activities, it is nevertheless compelling to consider that the connection could indeed have originated from the operator's real IP address.
    • It is entirely possible that either human error or misconfiguration led some of the operator's network traffic to be routed directly to the host instead of through a network of proxies and VPNs.
  • 22. Conclusion
    • In addition to the monetary loss of $81m, the incident severely harmed trust in the IT systems of the global banking sector.
    • SWIFT's model seems to have failed to provide a layered security approach, which allowed the attackers to exploit the system without compromising the core servers of the SWIFT network.
    • SWIFT has taken action and warned member banks about the growing threat against the financial network, but the potential scale of damage shown by the Bangladesh Central Bank case calls for more concrete measures and a system-level revision of the financial network.
  • 23. Conclusion
    • Weekend protocols should also be considered a vulnerability in the banking sector.
    • The success of the heist relied mostly on its timing over the weekend: the lack of sufficient monitoring and means of communication during the weekend meant that the unauthorized transactions were not noticed until four days after the attack.
  • 24. Conclusion
    • Kaspersky, however, as a Russian company, has also pointed to North Korea's possible involvement in the bank heists conducted by Lazarus. Whoever or whatever organization was eventually behind the bank heist, the most important thing is to focus on revising and enhancing the cybersecurity of financial messaging networks and the cybersecurity strategies of individual banks.
  • 25. "Unless and until our society recognizes cyber bullying for what it is, the suffering of thousands of silent victims will continue" (Anna Maria Chavez)
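The three signals the Detection and Conclusion slides credit with catching the transfers (a surge of payments to non-banking entities, an amount unusually large for the destination, and release over the weekend when monitoring is thin) can be turned into a batch screen that holds suspect instructions for manual review. This is an added example, not part of the original slides: the record layout, thresholds and corridor baselines are assumed, and the batch is constructed.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Instruction:
    ref: str                   # payment reference
    beneficiary: str           # recipient name as written in the message
    beneficiary_is_bank: bool  # True when the recipient is a financial institution
    country: str               # destination country code
    amount_usd: float
    sent_at: datetime          # when the instruction was released

# Assumed baseline for a typical single payment on each corridor (USD); constructed figures.
CORRIDOR_BASELINE = {"LK": 2_000_000.0, "PH": 5_000_000.0}

def screen(batch, max_nonbank=2, size_multiple=5.0, weekend=(5, 6)):
    """Return {ref: [reasons]} for every instruction that should be held for manual review."""
    flagged = {}
    def add(ref, reason):
        flagged.setdefault(ref, []).append(reason)
    # Signal 1: a surge of payments to non-banking entities in one batch (the pattern the Fed noticed).
    nonbank = [i for i in batch if not i.beneficiary_is_bank]
    if len(nonbank) > max_nonbank:
        for i in nonbank:
            add(i.ref, f"non-bank beneficiary surge: {len(nonbank)} in batch")
    for i in batch:
        # Signal 2: far larger than usual for the destination (the Sri Lanka check).
        base = CORRIDOR_BASELINE.get(i.country)
        if base is not None and i.amount_usd > size_multiple * base:
            add(i.ref, f"amount {i.amount_usd:,.0f} exceeds {size_multiple:g}x corridor baseline")
        # Signal 3: released at the weekend, when monitoring and contacts are thin.
        if i.sent_at.weekday() in weekend:
            add(i.ref, "released on weekend")
    return flagged

def sample_batch():
    """Constructed instructions for the demo, not the real 2016 messages."""
    sat, thu = datetime(2016, 2, 6, 9, 30), datetime(2016, 2, 4, 14, 0)
    return [
        Instruction("T1", "Correspondent Bank A", True, "LK", 1_000_000, thu),
        Instruction("LK-NB", "Foundation Q", False, "LK", 20_000_000, sat),
        Instruction("PH-20", "Person X", False, "PH", 20_000_000, sat),
        Instruction("PH-25", "Person Y", False, "PH", 25_000_000, sat),
        Instruction("PH-30", "Person Z", False, "PH", 30_000_000, sat),
    ]

if __name__ == "__main__":
    for ref, reasons in screen(sample_batch()).items():
        print(ref, "->", "; ".join(reasons))
```

Each signal alone is weak (a legitimate large weekend payment exists), which is why the screen holds the instruction for a human rather than rejecting it, mirroring the call the Sri Lankan official made to Deutsche Bank.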
