PH banks on alert after Malaysia hack try
BSP Gov. Nestor Espenilla Jr.
Hackers who tried to steal from Malaysia’s central bank earlier in the week apparently did not plan to transfer any funds they might have stolen to the Philippines as those who broke into Bangladesh Bank had done two years ago, according to Bangko Sentral ng Pilipinas (BSP) Gov. Nestor Espenilla Jr.
Bank Negara Malaysia informed the BSP on Wednesday that it foiled a major cyberheist attempt a day earlier, prompting Espenilla to put the Philippines’ financial system on heightened alert against laundered cash as the country began its long Lenten holiday.
Espenilla said he alerted the Bankers Association of the Philippines about the hacking attempt, which was reminiscent of the theft of $1 billion from the Bangladeshi central bank in 2016, of which $81 million found its way into a Philippine bank.
Int’l cooperation protocol
“The Bank Negara just sounded a general alert to the central banking community,” he said. “In turn we alerted our own banking community. These are all in line with our international cooperation protocol,” Espenilla said.
He said preliminary reports showed no indication that the hackers would have laundered any stolen funds in the Philippines had they succeeded.
In a press statement late on Thursday, Bank Negara Malaysia said it detected and stopped “a cybersecurity incident involving attempted unauthorized fund transfers using falsified SWIFT messages.”
“Hackers tend to take advantage of long holidays anywhere in the world, similar to the timing when they hit Bangladesh Bank,” Espenilla said, referring to the 2016 hacking, which was just ahead of a three-day Chinese New Year weekend.
Investigators noted then that hackers took advantage of the long weekend, when bank transactions are processed with less scrutiny, to move the stolen Bangladeshi funds to accounts in Rizal Commercial Banking Corp.
“We now take extra precautions during such long holidays as standard operating procedure,” the BSP chief said. “The Bank Negara Malaysia incident is another reminder of the need for vigilance.”
Prompt action
Malaysia’s central bank said it did not lose any funds but did not disclose how much the hackers tried to steal through the SWIFT system — the same method used during the Bangladesh Bank attack.
“All unauthorized transactions were stopped through prompt action in strong collaboration with SWIFT, other central banks and financial institutions,” it said. “There was also no disruption to other payment and settlement systems that the bank operates.”
Comprehensive investigation
It said it was conducting a comprehensive investigation in collaboration with local and international law enforcement agencies.
The bank said all its risk control measures were effective in curtailing the cyberheist but it had taken “additional safeguards to protect its stakeholders.”
Brussels-based SWIFT, Society for Worldwide Interbank Financial Telecommunication, declined to comment on the incident, saying it did not comment on individual entities.
Abu Hena Mohd. Razee Hassan, deputy governor of Bangladesh Bank, told Reuters news agency in Dhaka that the latest attack showed that the SWIFT platform remained vulnerable.
“After the attack on our central bank, SWIFT took several measures to protect the system globally but yet this is
happening, meaning criminals have more ability and more capable weapons,” Hassan said. “So this is the time to further improve the financial transfer system globally.”
In February last year, the Russian central bank said unknown hackers stole 339.5 million roubles ($6 million) from a Russian bank in an attack using the SWIFT system. —With a report from the wires
