Chilean officials are making cybersecurity a top priority, as they just learned that hackers stole over $10 million from the country’s second-largest bank, Banco de Chile.
The bank publicly disclosed on May 28, 2018, that it had detected a virus that infected thousands of its workstations. As the investigation unfolded, the company learned that the cyber-attack corrupted the master boot records (MBRs) of 9,000 PCs and servers, leaving them unable to reboot. This attack forced the bank to halt nearly all operations May 24 at almost 400 branches throughout the country. It took almost two weeks for the bank to resume normal services.
What was originally believed to be a virus turned out to be MBR Killer malware. This ‘MBR Killer' malware was created using the open-source Nullsoft Scriptable Install System and uses VMProtect in an attempt to prevent reverse engineering. It damages the MBR by overwriting the first sector of the target's boot disk.
Many believe the malware was just a distraction and that consumer accounts were never the real target of this attack. The bank, however, took protective measures to safeguard consumer accounts by disconnecting 9,000 workstations that were believed to be infected, leaving attackers able to steal millions of dollars from the bank.
Attackers have since then transferred about $10 million through the banks SWIFT international money transfer systems. The bank started canceling these transactions, but not all of them were recovered. Most of the money has been traced back to Hong Kong and it’s believed that the criminal group responsible for the attack is from either Eastern Europe or Asia.
“We found some strange transactions in the SWIFT system. There we realized that the virus was not necessarily the underlying issue, but apparently they wanted to defraud the bank, “said general manager of Banco de Chile, Eduardo Ebensperger.
The company is adamant that the integrity of its customer accounts, funds or transactions has not been impacted in any way. However, this incident should serve as a stark reminder to financial institutions across the globe that security best practices must be followed and the CIS Controls must be implemented to prioritize security risks within the financial industry.
Read the article on InfoSecurity Magazine