SWIFT-related Cyber Heist on NIC Asia Bank Highlights Business Process Compromise’s Impact
Nepal’s NIC Asia Bank is the latest to fall victim to business process compromise after it uncovered fraudulent fund transfers via the bank’s Society for Worldwide Interbank Telecommunication (SWIFT) systems. The hackers behind the heist tried to transfer the stolen money to various foreign currency accounts in other countries such as Japan, the U.K., and Singapore, as well as Standard Chartered and Mashreq Bank in New York.
NIC Asia Bank has reported the incident to its central bank, Nepal Rastra Bank. Working with other financial institutions such as KPMG India and the Central Investigation Bureau, NIC Asia Bank was able to stop the illegal transactions and recovered 460 million Nepalese rupees (Rs), or around US$4.451 million as of November 6, 2017.
[Related: Security 101: Business Process Compromise
The NIC Asia Bank is the latest to fall victim to SWIFT-related heists, with the incident in Bangladesh’s central bank last year being the most notable for having lost at least $81 million. Financial institutions in Ecuador and Vietnam also made headlines when cybercriminals targeted their SWIFT-related infrastructure. In October 2017, a Taiwanese bank also fell to a similar scheme but managed to recover $46 million out of the $60 million that was stolen and wired to accounts in Cambodia, Sri Lanka, and the U.S.
[Related: Is your enterprise’s mainframe exposed? Your business processes risk getting compromised.]
Business process compromise works by undermining the integrity of the infrastructure that manages the company’s operations, such as exploiting its vulnerabilities or infecting it with data-stealing or altering malware. In NIC Asia Bank’s case, the system supposedly dedicated to processing SWIFT transactions was reportedly also used for other purposes, such as email. The heist was perpetrated during the Tihar, a national five-day holiday in Nepal, when the country’s banks and financial institutions were also closed.
[Related: How cybercriminals can turn your data against you]
Business process compromise isn't just used to hit financial institutions. Organizations large and small—from logistics and shipping, education, and data/business services to the retail industry—are vulnerable to it.
Business process compromise’s adverse impact on the company’s operations, reputation, and bottom line highlight the significance of implementing defense in depth: assess the risks that come with each business process and ensure that countermeasures are in place. Identify discrepancies in your systems and networks; security mechanisms like behavior monitoring and application control (or system lockdown in critical infrastructures), as well as intrusion detection and prevention systems, help in this regard. Enforce the principle of least privilege: data categorization and network segmentation are just some of the best practices information security professionals and systems administrators can adopt to reduce the organization’s data’s attack surface. More importantly, harden the organization’s cybersecurity posture—from the gateways, networks, and servers, down to the company policies and workforce.
Trend Micro Solutions
Trend Micro helps protect medium and large enterprises from business process compromise. Malware in malicious emails are blocked by the endpoint and email security capabilities of the Trend Micro Smart Protection Suites and Network Defense solutions. The Deep Discovery Analyzer found in Trend Micro’s Network Defense helps detect advanced malware and other threats. These solutions are powered by the Trend Micro XGen™ security, which provides a cross-generational blend of threat defense techniques against a full range of threats for data centers, cloud environments, networks, and endpoints. It features high-fidelity machine learning to secure the gateway and endpoint data and applications, and protects physical, virtual, and cloud workloads.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases