Editorial & Advertiser disclosure

Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Banking > NEW AGE BANK ROBBERS STEAL MILLIONS IN CYBER HEISTS

NEW AGE BANK ROBBERS STEAL MILLIONS IN CYBER HEISTS

Published by Gbaf News

Posted on August 24, 2016

8 min read

Last updated: January 22, 2026

Scene depicting aftermath of militia attack in eastern Congo - Global Banking & Finance Review — A haunting image representing the aftermath of a militia attack in eastern Congo's Ituri province, where over 35 civilians were killed. This violence highlights ongoing conflicts in the region related to land and resource disputes.

By Dave Palmer, Director of Technology, Darktrace

Despite the financial sector taking the lead in strengthening their cyber defence, recent studies have found that financial institutions are 300 times more vulnerable to a cyber-attack than any other verticals. And the reality is, financial services companies will permanently remain an attractive target for cybercriminals: if the attackers succeed, the rewards are immediate.

Not only is the frequency increasing, the nature of attacks is changing – they are becoming more sophisticated and harder to detect. Nowadays, we very rarely hear of bank heists in the traditional sense, of masked men holding staff at gunpoint and fleeing with wads of cash.Instead, 2016 has seen a new wave of bank robberies come to prominence: ‘cyberheists’. In February this year, cybercriminals successfully siphoned US$81million from an account held by the Central Bank of Bangladesh. The instructions to steal the money were issued via the Society for Worldwide Interbank Financial Telecommunication (SWIFT) network, who facilitate financial transactions for more than 10,000 financial institutions in 212 countries.

The attackers gained access to the bank’s credentials for payment transfers by infiltrating the system in January 2016. They installed malware in Bangladesh Bank’s system which helped them gather information on the bank’s operational procedures for international payments and fund transfers, suggesting it was an inside job. Within one month, the hackers had successfully uncovered the passwords needed to authorise their transactions by logging keystrokes.

Ironically, human error saved the day. Had it not been for a spelling mistake in one of the transfer requests, the damage could have been in the region of US$1 billion. This spelling mistake triggered the alarm, prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank. The transaction was stopped,an additional $20 million destined for the Philippines recovered, and 30 other transfer requests, totalling approximately $951 million, were blocked.

It was then discovered that a similar hacking attack on a small Vietnamese bank late last year may have been a practice run for the assault on Bangladesh’s account at the Federal Reserve Bank of New York.Vietnam’s Tien Phong Commercial Joint Stock Bank, known as TPBank, informed the country’s regulators that it had prevented an attempted cyberheist, that had used fraudulent SWIFT messages to try to transfer more than 1 million Euros of funds. BAE Systems also took malware samples from both the Bangladesh and Vietnam bank attacks which appeared to match, supporting the idea that these two attacks are linked.

These breaches highlight the vulnerabilities of bank connections to the SWIFT messaging system, as well as showing how hackers are becoming syndicated and more sophisticated. A particularly significant feature of the Bangladesh cyber heist, is the supply chain vulnerability – a theme we are seeing develop across the wider cyber security landscape. Even if the organisation itself enforces strong security, their third parties may be less resilient and an infection in one of these networks could easily spread. Companies, therefore, are only as strong as their weakest link – from the CEO to office maintenance contractors- every network insider poses a threat. This shows us that perimeter controls like firewalls and anti-virus are not enough – the danger is already inside. Financial institutions, who are particularly at risk to cybercrime due to the sensitivity of their data and size of their networks, need good visibility within their borders if they want to catch attacks in time.

An immune system approach is the answer:machine learning technology which is able to establish a sense of ‘self’ by monitoring the behaviour of all users, devices and the network as a whole to establish a ‘pattern of life’. This in turn enables it to automatically detect abnormal behaviours, which may be indicative of a cyber-attack,in real time, strengthening an organisation’s ability to respond efficiently and mitigate potential risk posed by external and internal threats.

The stats are hair-raising:it takes targeted companies an average of 208 days to realise their systems have been compromised and 67% of investment bank executives believe an attack is highly likely yet only 9% proactively run inward-directed attacks and intentional failures to test their systems on a regular basis. With current security measures, by the time most banks have realised their systems have been compromised, the damage will have been done. As the nature of attacks on financial institutions becomes more sophisticated, so must their approach to cybersecurity.

By Dave Palmer, Director of Technology, Darktrace

Despite the financial sector taking the lead in strengthening their cyber defence, recent studies have found that financial institutions are 300 times more vulnerable to a cyber-attack than any other verticals. And the reality is, financial services companies will permanently remain an attractive target for cybercriminals: if the attackers succeed, the rewards are immediate.

Not only is the frequency increasing, the nature of attacks is changing – they are becoming more sophisticated and harder to detect. Nowadays, we very rarely hear of bank heists in the traditional sense, of masked men holding staff at gunpoint and fleeing with wads of cash.Instead, 2016 has seen a new wave of bank robberies come to prominence: ‘cyberheists’. In February this year, cybercriminals successfully siphoned US$81million from an account held by the Central Bank of Bangladesh. The instructions to steal the money were issued via the Society for Worldwide Interbank Financial Telecommunication (SWIFT) network, who facilitate financial transactions for more than 10,000 financial institutions in 212 countries.

The attackers gained access to the bank’s credentials for payment transfers by infiltrating the system in January 2016. They installed malware in Bangladesh Bank’s system which helped them gather information on the bank’s operational procedures for international payments and fund transfers, suggesting it was an inside job. Within one month, the hackers had successfully uncovered the passwords needed to authorise their transactions by logging keystrokes.

Ironically, human error saved the day. Had it not been for a spelling mistake in one of the transfer requests, the damage could have been in the region of US$1 billion. This spelling mistake triggered the alarm, prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank. The transaction was stopped,an additional $20 million destined for the Philippines recovered, and 30 other transfer requests, totalling approximately $951 million, were blocked.

It was then discovered that a similar hacking attack on a small Vietnamese bank late last year may have been a practice run for the assault on Bangladesh’s account at the Federal Reserve Bank of New York.Vietnam’s Tien Phong Commercial Joint Stock Bank, known as TPBank, informed the country’s regulators that it had prevented an attempted cyberheist, that had used fraudulent SWIFT messages to try to transfer more than 1 million Euros of funds. BAE Systems also took malware samples from both the Bangladesh and Vietnam bank attacks which appeared to match, supporting the idea that these two attacks are linked.

These breaches highlight the vulnerabilities of bank connections to the SWIFT messaging system, as well as showing how hackers are becoming syndicated and more sophisticated. A particularly significant feature of the Bangladesh cyber heist, is the supply chain vulnerability – a theme we are seeing develop across the wider cyber security landscape. Even if the organisation itself enforces strong security, their third parties may be less resilient and an infection in one of these networks could easily spread. Companies, therefore, are only as strong as their weakest link – from the CEO to office maintenance contractors- every network insider poses a threat. This shows us that perimeter controls like firewalls and anti-virus are not enough – the danger is already inside. Financial institutions, who are particularly at risk to cybercrime due to the sensitivity of their data and size of their networks, need good visibility within their borders if they want to catch attacks in time.

An immune system approach is the answer:machine learning technology which is able to establish a sense of ‘self’ by monitoring the behaviour of all users, devices and the network as a whole to establish a ‘pattern of life’. This in turn enables it to automatically detect abnormal behaviours, which may be indicative of a cyber-attack,in real time, strengthening an organisation’s ability to respond efficiently and mitigate potential risk posed by external and internal threats.

The stats are hair-raising:it takes targeted companies an average of 208 days to realise their systems have been compromised and 67% of investment bank executives believe an attack is highly likely yet only 9% proactively run inward-directed attacks and intentional failures to test their systems on a regular basis. With current security measures, by the time most banks have realised their systems have been compromised, the damage will have been done. As the nature of attacks on financial institutions becomes more sophisticated, so must their approach to cybersecurity.