SWIFT Software Bug Exploited by Bangladesh Bank Hackers.

Swift-Software-ExploitedA bug in SWIFT banking software may have been exploited to allow hackers to make off with $81 million from Bangladesh’s central bank in February, according to reports. Investigators at British defense contractor BAE Systems told Reuters that the malware in question, evtdiag.exe, had been designed to change code in SWIFT’s Access Alliance software to tamper with a database recording the bank’s activity over the network. That apparently allowed the attackers to delete outgoing transfer requests and intercept incoming requests, as well as change recorded account balances – effectively hiding the heist from officials. The malware even interfered with a printer to ensure that paper copies of transfer requests didn’t give the attack away. It’s thought that the malware was part of a multi-layered attack and used on the SWIFT system once Bangladesh Bank admin credentials had been stolen. Although it was written specifically for this attack it could be repurposed for similar attacks in the future, BAE claimed.

Read more at
http://www.infosecurity-magazine.com/news/swift-software-exploited/