PH banks tougher against cybercrime, group says

Published: 3:37 p.m., April 1, 2018 | Updated: 12:04 a.m., April 2, 2018

The computer systems of the Philippines’ largest banks are secure enough to deter any new attempts to use the local financial system as a transit and laundering point for illicit funds, thanks to lessons learned from the Bangladesh cyberheist two years ago.

This was said by the head of the Bankers Association of the Philippines’ (BAP) cybersecurity committee in the wake of last week’s attempt by still unknown hackers to steal funds from the Malaysian central bank through the SWIFT bank messaging system — the same vulnerability exploited by cyber thieves to steal $81 million from the Bangladesh Bank in 2016.

“BSP has specified minimum standards to guard against cyber threats, which all need to comply with,” said Edwin Bautista who heads the cybersecurity committee of the umbrella organization representing the country’s largest financial institutions. “The key is cooperation and joint vigilance among banks.”

Bautista, who is also the CEO of Union Bank of the Philippines, said the BAP’s cybersecurity task force put its member banks on alert against any possible movement of illicit funds into the country ahead of the long Holy Week holiday after it received information from the central bank about the foiled hacking attempt on the Bank Negara Malaysia’s SWIFT system.

“BSP passed the information from Malaysia with a warning to be extra vigilant over the holidays to the banks’ cyber security officers and SWIFT units,” Bautista said. “Additional details were issued the following day. We are monitoring the situation but did not issue additional alerts to prevent confusion.”

The information was disseminated to officials of local banks late Thursday just before the country went into a five-day Lenten holiday.

BSP Governor Nestor Espenilla Jr. said that as a matter of standard operating procedure, local banks and regulators are now going into heightened alert mode during long weekends and extended holidays.

“Hackers tend to take advantage of long holidays anywhere in the world, similar to the timing when they hit Bangladesh Bank,” he said, referring to the original incident in 2016 which was hit just ahead of a three-day Chinese New Year weekend. “We now take extra precautions during such long holidays as standard operating procedure. The Bank Negara Malaysia incident is another reminder of need for vigilance.”

Espenilla said that based on preliminary reports, there was no indication that the hackers would have laundered any stolen funds in the Philippine financial system had their plot been successful.

The Malaysian central bank did not disclose how much the hackers tried to steal, but said that “all unauthorized transactions were stopped through prompt action in strong collaboration with SWIFT, other central banks and financial institutions.” /je

Read more...