Chilean bank and financial services company Banco de Chile said that a virus infiltrated its computer systems and stole $10 million.
We found some strange transactions in the SWIFT system (where banks internationally remit their transactions to other countries). There we realized that the virus was not necessarily the underlying issue, but apparently wanted to defraud the bank.
The attack forced the bank to take a total of 9,000 workstations offline. Even so, this measure didn’t prevent bad actors from conducting four fraudulent transactions sometime thereafter. Those transactions made off with $10 million under the institution’s control and did not affect customers’ funds.
Forensic evidence revealed that the attack likely originated from Eastern Europe or China, where the bulk of the stolen funds ended up going after the attack. Subsequently, Banco de Chile decided to initiate legal proceedings in Hong Kong.
The bank did not confirm the identity of the virus responsible for the attack as of this writing.
In its own reporting of the attack, Bleeping Computer referenced an alert sent out by an IT security company identifying the virus as KillMBR. This is an older name for KillDisk, a type of wiper malware which took on ransomware capabilities in late December 2016.
According to a statement released by the bank on 28 May, Banco de Chile enacted a contingency protocol on 24 May after detecting the virus. It also contacted the Superintendency of Banks and Financial Institutions (SBIF) and apologized for the incident. As translated by Google:
We regret the inconveniences this situation generated. We continue working, in conjunction with local and international advisors, in order to standardize all of our
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/banco-de-chile-says-virus-infiltrated-its-computer-systems-stole-10m/