Cybercriminals recently attempted to make fraudulent transfers of money totaling nearly a billion dollars out of the Bangladesh Central Bank's account at the Federal Reserve Bank of New York. While most of the payments were detected as problematic and, therefore, blocked, approximately $81 million was successfully stolen – transferred to accounts in the Philippines from which it was funneled through local casinos.

A report from BAE Systems indicates that the crooks likely hacked not only into the bank but also into SWIFT, the international money transfer platform jointly owned by 3,000 financial institutions. SWIFT confirmed this week that it was aware of an ongoing malware attack targeting its infrastructure via its client software, and issued a special warning urging financial institutions to be especially vigilant.

What is fascinating, however, is not just how significant the Bangladesh theft is becoming on a global scale, but how poor the bank’s information security apparently was at the time of the breach. According to an investigator at the bank, the bank was especially vulnerable because it both lacked firewalls and used second-hand, inexpensive switches to connect computers to the SWIFT global payment network.

You read that correctly: No firewalls. $10 used switches. To protect systems connected to a global funds transfer network.

The aforementioned two security weaknesses obviously put the bank at risk by making it much easier for hackers to break into the bank and attempt to make fraudulent money transfers using the bank’s SWIFT credentials – something that may end up putting people all over the world at risk as well.

This episode raises an important question: Would you have thought that a bank handling billions of dollars could be operating without well-configured firewalls – never mind without necessary firewalls altogether?
There is a tremendous lesson to be learned: Don’t assume anything when it comes to information security.
 