https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2021 MSP 501 Application
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2021 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2021 MSP 501 Application
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2021 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

MSP 501


Vietnam Success Foiling Hack Shows Risk of Swift Connection

Vietnam Success Foiling Hack Shows Risk of Swift Connection

  • Written by
  • May 17, 2016
Authorities have linked the malware used in three high-profile cyber-attacks, including breaches at Sony and an $81 million bank heist.

(Bloomberg) — A foiled hacking attack on a small Vietnamese bank may have been a practice run for an $81 million cyber assault on Bangladesh’s account at the Federal Reserve Bank of New York, and points to vulnerabilities in how banks connect to the Swift interbank messaging system.

Vietnam’s Tien Phong Commercial Joint Stock Bank, known as TPBank, informed the country’s regulators on Monday that it had fended off a fraudulent transfer request late last year for more than 1 million euros ($1.13 million). The request came through a third-party service that the bank used to connect to the Swift interbank messaging system, the Hanoi-based lender told the central State Bank of Vietnam. The regulator said it’s investigating, though the incident didn’t result in any losses.

“What cyber criminals have been trying to do is focus on banks that might be using outdated versions of Swift or third-party vendor software,” said Kenneth Wong, cyber security leader of PricewaterhouseCoopers China and Hong Kong, calling the Vietnam attack “most likely” a warm-up for the Bangladesh incident. “There’s always a race between software companies and hackers.”

Suspicious Link

Banks are also vulnerable if workers simply click on a suspicious link that places malware on workstations used to make monetary transfers, he said.

“The Swift payment system is only as strong as the operational controls built and enforced around it,” said Mark Williams, a lecturer at Boston University and author of “Uncontrolled Risk” on the rise and fall of Lehman Brothers. He blamed “a lack of strong policies and procedures” for increased vulnerabilities.

In February, Bangladesh lost $81 million after its central bank was infected with malware, according to Mohammed Farashuddin, chief of the government panel on the Bangladesh Bank heist. He pointed the finger at Swift and also said the Federal Reserve Bank of New York didn’t conduct enough due diligence.

“The Vietnam case shows that the global banking system is vulnerable to cyber attacks, and we should make a global effort to prevent these attacks,” Bangladesh Bank spokesman Subhankar Saha said Monday.

Swift has warned users that it was aware of several similar cases, and last week it said that the Bangladesh heist was carried out by malware infecting a PDF reader used by a customer to check statements. In its warning Friday, Swift said customers using PDF reader applications to check confirmation messages should take particular care. Hundreds of billions of dollars are moved internationally through the Swift system every day.

Matching Malware

U.K.-based security firm BAE Systems Plc said in a blog post that malware samples uploaded from Bangladesh and Vietnam are a match, and that the hacks also match a third breach, the 2014 attack on Sony Pictures.

“Looking at it broad base, the Vietnam attack, Bangladesh attack, and going back to Sony, there could be indicators telling us that it’s a very syndicated and sophisticated attack,” said Bill Taylor-Mountford, vice president for the Asia-Pacific region at LogRhythm Inc., a security intelligence company. “The malware looks very similar.”

Emerging-Market Risks

Banks in developing countries such as Vietnam are prime candidates for such attacks and are vulnerable because they often lack the resources to build technological firewalls against hackers, said Alan Pham, chief economist at VinaCapital Group in Ho Chi Minh City.

“When I look at banks across Asia, most of them are unprepared for these types of attacks,” said Bryce Boland, chief technology officer for the Asia-Pacific region at FireEye Inc., a malware and network-threat protection system, which has a team hired to conduct a forensics investigation into the Bangladesh heist.

Yet TPBank, a closely held bank with assets of just $3.4 billion at the end of 2015, managed to thwart the hacker’s assault during the fourth quarter of last year, the bank said in an e-mailed statement. Hackers may have installed malware into the third-party software the bank used to use to connect to the Swift system, it said, citing information from Swift. The bank has stopped using the third-party vendor’s service and now deploys its own technology with stronger security to connect directly with Swift, it said, without identifying the vendor.

Best Internet Product

TPBank was deemed to have the Best Internet Banking Product in the country in the annual Asian Banker awards this year.

“Tien Phong is a small bank but equipped with techniques that are modern and sophisticated enough to foil the hacking attempt, successfully preventing the bank from losing money,” said Le Manh Hung, Vietnam central bank’s head of banking technology department.

Vietnam’s central bank alerted the country’s lenders to increase surveillance, Hung said.

“The tide has changed and systemic risk issues are rapidly being redefined to include infrastructure,” said Peter Hahn, banking professor at London’s Institute of Financial Services at IFS University College. “Slowly but surely, the world is coming to realize that the back office of banks and central banks is now part of the front office.”

Vietnam’s regulators will face more pressure to increase Internet financial security as the country becomes more integrated into the global economy, said Trinh Nguyen, a Hong Kong-based senior economist for emerging Asia at Natixis SA.

“As hackers become more sophisticated,” she said, “more talent is also needed from a regulatory point of view to deter losses.”

 

–With assistance from Diep Ngoc Pham Arun Devnath Nguyen Dieu Tu Uyen Nguyen Kieu Giang Ambereen Choudhury Marcus Wright Sharon Cho and Yoolim Lee To contact the reporter on this story: John Boudreau in Hanoi at [email protected] To contact the editors responsible for this story: Linus Chua at [email protected], Sheridan Prasso, Glenys Sim

Tags: MSPs MSP 501

Related


  • Channel Futures MSP 501 logo
    Welcome to the 2021 MSP 501 — Apply Now!
    It's go time! The 2021 MSP 501 survey and rankings are officially open for applications.
  • Hottest Ticket in Town
    Channel Partners Virtual 2021 Is the Hottest Ticket in Town
    And that means any town, since it’s 100% online. Will you be there?
  • 501 Somewhere Logo
    It’s 501 Somewhere: Janet Schijns on Transformational Leadership
    Schijns talks about what it takes to be a true leader, transformational technology, and her three steps for success.
  • Digital workplace
    2020 MSP 501 Full Report
    An in-depth analysis of the managed services industry based on the world’s largest survey of MSPs, the MSP 501.

One comment

  1. Avatar miss Concrafter hd May 22, 2016 @ 2:15 pm
    Reply

    10000000000sc
    10000000000sc

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • MSP 501 ‘MSP of the Year’ Finalist TeamLogic IT on Adapting to Industry Trends
  • MSP 501 Profile: Xantrion Focuses on the People Aspect of Technology
  • MSP 501 Newcomer Award: Oosha Limited Comes of Age
  • MSP 501 — 2020 EMEA Survey & Report

Galleries

View all

Channel Partners Virtual 2021 Is the Hottest Ticket in Town

February 26, 2021

Industry Perspectives

View all

The “Roaring 20s” Are Coming

February 25, 2021

Three Ways MSPs Can Improve Supply Chain Security

February 24, 2021

SASE: The Key to Mitigating Business Transformation Risk

February 22, 2021

Webinars

View all

A Partner’s Perspective on Channel Success in 2021

March 23, 2021

XDR and Why it Matters to MSPs

March 24, 2021

Top Security Trends Impacting Technology Security Providers In 2021

March 25, 2021

White Papers

View all

Ready To Add Cutting Edge IoT Solutions To Your Portfolio?

  • 1
February 25, 2021

What Is The Value Of Distribution For The Internet Of Things?

February 25, 2021

The Internet of Things (IoT): Where do You Begin?

  • 1
February 25, 2021

Upcoming Events

View all

Channel Partners Virtual

March 2, 2021 - March 4, 2021

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

#CPVirtual has arrived! Excited for speakers @channelsmart @jldelozier3 @jmcbain and more. dlvr.it/Rtm5yr https://t.co/MiwNsfGGLw

March 1, 2021
ChannelFutures

.@solarwinds incurring additional expenses in aftermath of massive hack. #cybersecurity dlvr.it/Rtlxzd https://t.co/CpBjkIEaus

March 1, 2021
ChannelFutures

.@IBM working with 65 partners for #CloudSatellite services. @IBMPartners dlvr.it/RtlmDC https://t.co/R6IzgklQ6c

March 1, 2021
ChannelFutures

NOW OPEN: 2021 Channel Futures MSP 501 Awards. ✍️ Start your online application today: bit.ly/2021MSP501. Ha… twitter.com/i/web/status/1…

March 1, 2021
ChannelFutures

Applying for the 2021 #MSP501? Check out our FAQs for everything you EVER wanted to know about applying & submittin… twitter.com/i/web/status/1…

March 1, 2021
ChannelFutures

Educate #WFH employees about #phishing and increase emphasis on cybersecurity to avoid a data breach, say @GiacomCM… twitter.com/i/web/status/1…

March 1, 2021
ChannelFutures

Amazon WorkSpaces @awscloud DaaS client will be available on @IGEL_Technology virtual endpoint client OS.… twitter.com/i/web/status/1…

February 26, 2021
ChannelFutures

.@VMware cutting more workers in California as part of ongoing #workforcerebalancing. #layoffs… twitter.com/i/web/status/1…

February 26, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X