Three years after hackers managed to siphon off more than $100 million from the Bangladeshi central bank’s account in the U.S. Federal Reserve, cyber-criminals are going smaller.
In 2018, attempted fraudulent transactions ranged from $250,000 and $2 million, down from tens of millions of dollars in the previous two years, interbank messaging system Swift said in a report Wednesday. Almost all fraudulent transactions — 83 percent — were sent to banks in the Asia-Pacific region, while the targeted lenders were mostly located in countries rated highly corrupt by international regulators, Swift said. Tajikistan, Mozambique and Afghanistan topped those rankings in 2018.
“The higher the value of the instruction, the higher the risk of triggering fraud-detection systems,” Swift said in the study. “Since the cyber-incident in Bangladesh, the amounts sent in individual fraudulent transactions has evolved, making them harder to detect.”
Swift, which has more than 11,000 members globally, introduced a set of cybersecurity measures after the electronic heists of 2016 with targets that included the central bank of Bangladesh. It’s also provided new services that member banks can use to catch anomalies in their wire-transfer orders.
As the attempted transfer amounts fell, hackers also started sending their fraudulent orders during business hours, hoping they’d blend in with legitimate Swift messages. In the past, such orders were typically sent during holidays or outside regular hours to bypass human detection, Swift said. It didn’t disclose the total amount cyber criminals tried to steal through fraudulent messages last year or what percentage of attempts were successful.