Malaysian central bank says it foiled attempted cyber-heist

The headquarters of Malaysia's central bank, Bank Negara Malaysia, in Kuala Lumpur, in a file photo taken on Jan 29, 2013.

KUALA LUMPUR/LONDON (REUTERS) - Malaysia's central bank said on Thursday (March 29) it had foiled a cyber attack in which fraudulent messages to transfer funds were sent on the SWIFT transactions platform, the latest in a series of electronic heists at financial institutions around the world.

While Bank Negara Malaysia said no funds were lost in the incident which took place on Tuesday (March 27), it is the second known hack of a central bank after the 2016 theft of US$81 million (S$106.2 million) from Bangladesh Bank.

That heist, which also involved fraudulent SWIFT transfer requests, led financial institutions around the globe to bolster security. It was not known who was behind the Bank Negara hack, or how they accessed the bank's SWIFT servers, but it is likely to prompt further calls to increase security.

Bank Negara said it had taken additional safeguards to protect its stakeholders.

"All unauthorised transactions were stopped through prompt action in strong collaboration with SWIFT, other central banks and financial institutions," it said in a statement.

Bank Negara, which supervises 45 commercial banks in Malaysia, did not immediately respond to requests for more details on the falsified messages and how other central banks were involved.

SWIFT, the Society for Worldwide Interbank Financial Telecommunication, did not provide any details on the cyber attack, saying it does not comment on individual entities.

"We have no indication that our network and core messaging services have been compromised," it said in an e-mailed statement.

It was unclear whether money was paid out but intercepted at another bank. Previous thefts have involved stolen money being transferred to a number of banks before arriving at its final end destination.

The US Federal Bureau of Investigation, which is conducting a probe into the Bangladesh Bank heist, was not immediately available for comment on the Bank Negara incident.

Mr Abu Hena Mohd. Razee Hassan, deputy governor of Bangladesh Bank, said the latest attack showed that the SWIFT platform remained vulnerable.

"After the attack on our central bank, SWIFT took several measures to protect the system globally but yet this is happening, meaning criminals have more ability and more capable weapons," Mr Razee Hassan told Reuters in Dhaka.

"So this is the time to further improve the financial transfer system globally."

In February, the Russian central bank said unknown hackers stole 339.5 million roubles (S$7.7 million) from a Russian bank last year in an attack using the SWIFT system.

SWIFT operates an interbank messaging system which is used to carry instructions for money transfers between banks.

SWIFT has said in the past its central network has never been hacked but terminals within banks that are used to access the network have been compromised on at least several occasions in the past couple of years, including in the Bangladesh Bank heist.

Brussels-based SWIFT said late last year digital heists were becoming increasingly prominent as hackers use more sophisticated tools and techniques to launch new attacks.

SWIFT has declined to disclose the number of attacks or identify any victims, but details on some cases have become public, including attacks on Taiwan's Far Eastern International Bank and Nepal's NIC Asia Bank.

The Malaysian central bank said there was no disruption to other payment and settlement systems the central bank operates because of the cyber attack.

The bank said it was conducting an investigation in collaboration with local and international law enforcement agencies.

Join ST's Telegram channel and get the latest breaking news delivered to you.