Attacks waged against payments run through the SWIFT interbank messaging system - including the $81 million heist from the Bank of Bangladesh - have raised many questions about back-end security practices, fraudulent transaction liability and authentication. What is less discussed, however, is who is behind the attacks, and whether they could be linked to other cyberattacks against international banking systems beyond SWIFT.
Colin McKinty, vice president of cybersecurity strategy for the Americas at security firm BAE Systems, which was hired by SWIFT to help shore up security, says BAE now believes that the malware used in the SWIFT attacks is not unique. In this interview with Information Security Media Group, McKinty says the malicious code used against Bangladesh Bank shares many similarities to code used in the 2014 attack against Sony Pictures, which the U.S. government attributes to North Korea, as well as code used in an attack waged in December 2015 against an unnamed commercial bank in Vietnam.
"We came across a very interesting piece of malware and one of our researchers, during their analysis, recognized that this malware is likely to have been used in the attack against the Bangladesh Bank," McKinty says. "That's where we got engaged with SWIFT. We were able to provide them some insight, with regard to what had happened at the Bangladesh Bank."
And from there, the tale of the malware got more interesting, he adds.
While attributing any of these attacks to a single entity or group is challenging, McKinty says the code used in the Bangladesh attack is not widely available in the underground. As a result, BAE believes that the code used in the SWIFT-related attacks is a variant of the same code used in the attacks against Sony Pictures and the bank in Vietnam, he says.
"We have a large global team that is out there doing research and looking at malware," McKinty says. "We couldn't find that malware anywhere else."
During this interview, McKinty also discusses:
- How BAE, along with security and threat-intelligence firm Fox-IT, is helping SWIFT users enhance information sharing;
- Why global threat intelligence is becoming increasingly critical;
- Emerging attacks impacting banks and other sectors.

In addition to being its vice president of cybersecurity, McKinty has held various roles at BAE in both the U.S. and U.K. In 2007 he took the helm of BAE Systems Applied Intelligence's federal business, which led to a new role: cyber lead for the Americas. Since 2013, McKinty has been the driving force behind BAE Applied Intelligence's break into the security market in the Americas.