Three years after hackers managed to siphon off close to US$1 billion from the Federal Reserve Bank of New York account belonging to Bangladesh Bank, criminals are now vying for smaller amounts in an attempt to avoid detection.
A report by Bloomberg said that the amount of money stolen in 2018 averaged between $250,000 and $2 million, which is down from amounts in the tens of millions, according to a report by interbank messaging service SWIFT.
Almost all fraudulent transactions — 83 percent — were sent to banks in the Asia-Pacific region, while the targeted lenders were mostly located in countries rated highly corrupt by international regulators like Tajikistan, Mozambique and Afghanistan, SWIFT said.
‘The higher the value of the instruction, the higher the risk of triggering fraud-detection systems,’ SWIFT said in the study.
‘Since the cyber incident in Bangladesh, the amounts sent in individual fraudulent transactions have evolved, making them harder to detect.’
SWIFT has upwards of 11,000 global members, and created a set of measures for protection after a swath of electronic heists in 2016, many of which targeted the central bank of Bangladesh. SWIFT has also provided banks with technology to notice abnormalities in wire transfers.
In addition to the lower amounts that cyber criminals are trying to steal, they’ve also been sending the orders during daytime hours in an attempt to blend in with normal daily traffic.
Before, criminals would send the orders on holidays or after banking hours in the hopes of avoiding detection.
SWIFT’s information sharing initiative has contributed to significant improvements in the community’s collective cyber defenses as well as the introduction of fraud detection and prevention capabilities, such as the Payment Controls Service and the Daily Validation Report tool.
These products are aimed at mitigating the risks associated with cyber fraud, and are designed to supplement the fraud controls that financial institutions should already have in place.
According to the SWIFT report, the industry should continuously increase the strength and diversity of its defenses and ensure it understands the nature of the changing threat.
This means being proactive in limiting criminal opportunities linked to systems and business practices, it means ensuring proper preparedness and understanding counterparty cyber risk.