US regulators have issued a stern warning to banks that they should update their security before vulnerable computer systems become the target of hackers.
A group of regulators has directed banks to shore up authorization practices and fraud detection in order to guard against hacks through their messaging and payment networks.
The warning from the Federal Financial Institutions Examination Council comes after hackers known as the “Lazarus Group” pulled off at least four high-profile digital bank heists. To date, more than $100 million has been stolen and hackers responsible for the attacks have not been caught.
Hackers have been stealing bank credentials from SWIFT, the worldwide interbank communication network that settles transactions, in order to make transfers.
That system is based on trust — the understanding is that if a bank approves a transaction, it’s really that bank making the call.
The CEO of Mastercard recently explained that smaller banks are usually not as protected against attacks as larger institutions.
In January 2015, hackers broke into Ecuador’s Banco del Austro, stealing $12 million in bank funds that were being held by Wells Fargo in the U.S.
In December, hackers tried to transfer out $1 million from Vietnam’s TPBank, but failed in their attack.
$101 million was stolen from Bangladesh’s central bank when hackers transferred the money out of the New York Federal Reserve.
To slow the attacks SWIFT is added new steps for moving money which require additional steps that prove a real banker is approving a transaction.