Hackers are probing the defences of banks in the Middle East, targeting employees with infected emails which gather information about the banks’ network and user accounts, FireEye researchers said.
FireEye, a US cyber-security company investigating the February attack on Bangladesh’s central bank in which hackers stole $81 million, said there was no apparent connection with the heist or related attacks on banks in Ecuador and Vietnam.
The identity of the hackers in all three cases is not known.
Cyber-security experts say the attackers would have needed to gather knowledge about bank procedures and systems, as well as gain remote access to launch fraudulent transfer requests.
FireEye researchers said in a blog post that in early May they had identified “a wave of emails containing malicious attachments being sent to multiple banks in the Middle East.”
The senders appeared to be “performing initial reconnaissance against would-be targets” using techniques the researchers said were not usually seen in such campaigns.
Qatar National Bank, the largest lender in the Middle East and Africa by assets, said last month it was investigating an apparent security breach of data posted online this week that revealed the names and passwords of a large number of customers.
A FireEye spokesman said Qatar National Bank was not one of the “several banks” in the Middle East where researchers had found the malware. He did not identify which banks and which countries were affected.
He said the malware had reported back to the hackers’ servers, indicating at least some of the banks had been infected.
Once opened, the malicious email attachments gather information on the user’s system, including network configuration data, user and administration passwords and software running on the bank’s computers.
The security of banks and SWIFT messaging systems has come under scrutiny in the wake of the Bangladesh Bank attack.