Bit by bit, indications about how the attackers who targeted Bangladesh’s central bank managed to take off with some $80 milllion (of the nearly $1 billion they aimed for) via fraudulent transfers are coming to light.
First it was established that second-hand, cheap networking equipment that collects next to no network data, and the lack of a firewall between the bank’s SWIFT facility and the rest of the network, helped the attackers pull off the heist.
Today BAE Systems’ security researcher Sergei Shevchenko revealed that they have found and analyzed custom malware that compromised SWIFT software and which they believe was used in the attack.
