Banks urged to tighten security as hacks continue

The global banking system is (still) under attack.


SWIFT, the messaging network that connects the world's banks, says it has identified new hacks targeting its members, and it is warning them to beef up security in the face of "ongoing attacks." It did not name the banks affected.

The warning follows cyberattacks on banks in Bangladesh, Vietnam, the Philippines and Ecuador in which malware was used to circumvent local security systems, and in some cases, steal money.


An attack on Bangladesh's central bank yielded $101 million. Ecuador's Banco del Austro was hit for $12 million.

The message from SWIFT, which was first reported by Reuters, urges banks to protect themselves against the "persistent, adaptive and sophisticated" attacks, which use a similar method to crack their local security systems.

"These weaknesses have been identified and exploited by the attackers, enabling them to compromise the customers' local environments and input the fraudulent messages," SWIFT said.

SWIFT did not say how many new attacks had been discovered. The company says that its network and core messaging services have not been compromised by the attacks.

In each documented case, the criminals followed the same basic pattern:

1. Attackers used malware to circumvent a bank's local security systems.
2. They gained access to the SWIFT messaging network.
3. Fraudulent messages were sent via SWIFT to initiate cash transfers from accounts at larger banks.





SWIFT CEO Gottfried Leibbrandt warned in May that more attacks could have occurred.

"The Bangladesh fraud is not an isolated incident: we are aware of at least two, but possibly more, other cases where fraudsters used the same modus operandi, albeit without the spectacular amounts," he said.

Leibbrandt said the method of attack is much more serious than a typical data breach or theft of customer information. Instead, the loss of control over payment channels could bring down a bank.

"In the recent cases, thieves were able to move just some of those banks' overseas assets," he said. "As a result, for the banks concerned, the events haven't been existential. The point is that they could have been."

SWIFT is taking extra measures to secure client banks, including sharing more information, supporting security audits and introducing tougher requirements for local bank computer networks.

Cybersecurity researchers have suggested that a hacking team known as "Lazarus" is responsible for the attacks. In May, U.S. law enforcement officials told CNNMoney that the attackers may be linked to North Korea.
