In February 2016, Bangladesh Bank famously became the victim of a cyber attack targeting the bank’s infrastructure connected to SWIFT. Rapidly following the attack SWIFT launched its Customer Security Programme in a concerted effort to drive industry-wide collaboration against the cyber threat and to help reinforce and safeguard the security of the wider ecosystem.
In this report we examine the trends we observed over the course of 2018 and 2019, showcasing how both business and security information can utilise tell-tell signs, and become key in detecting and responding to attempted attacks.
The main characteristics set out in this report relate to the evolution in the location of Target banks, in the amounts attempted per fraudulent transaction and in attackers’ reconnaissance practices and timing. The report also describes how attackers are varying their practices as far as timing, and preferred currencies are concerned, and it identifies the regional locations of the compromised or “mule” accounts used in these attempted thefts.