Chilean bank and financial services company Banco de Chile said that a virus infiltrated its computer systems and stole $10 million.
On 9 June, Banco de Chile’s general manager Eduardo Ebensperger provided some insight about the attack to La Tercera. A translation by Google is provided below:
We found some strange transactions in the SWIFT system (where banks internationally remit their transactions to other countries). There we realized that the virus was not necessarily the underlying issue, but apparently wanted to defraud the bank.
The attack forced the bank to take a total of 9,000 workstations offline. Even so, this measure didn't prevent bad actors from conducting four fraudulent transactions sometime thereafter. Those transactions made off with $10 million under the institution's control and did not affect customers' funds.
Forensic evidence revealed that the attack likely originated from Eastern Europe or China, where the bulk of the stolen funds ended up going after the attack. Subsequently, Banco de Chile decided to initiate legal proceedings in Hong Kong.
The bank did not confirm the identity of the virus responsible for the attack as of this writing.
In its own reporting of the attack, Bleeping Computer referenced an alert sent out by an IT security company identifying the virus as KillMBR. This is an older name for KillDisk, a type of wiper malware which took on ransomware capabilities in late December 2016.
According to a statement released by the bank on 28 May, Banco de Chile enacted a contingency protocol on 24 May after detecting the virus. It also contacted the Superintendency of Banks and Financial Institutions (SBIF) and apologized for the incident. As translated by Google:
We regret the inconveniences this situation generated. We continue working, in conjunction with local and international advisors, in order to standardize all of our products and services, always with the highest priority to maintain security, although this may temporarily cause a decrease in the quality of service.
It's unclear how the virus made it onto Banco de Chile's systems and preyed upon the bank using the SWIFT network. But this isn't the first time bad actors have used SWIFT to target financial institutions. Less than five months previously, unknown criminals abused the SWIFT network to steal 339.5 million rubles ($6 million) from the Central Bank of Russia in 2017.
These attacks highlight the need for financial organizations to strengthen their digital security. Tripwire can help in this regard.