By Bruce Sussman
Thu | Jun 14, 2018 | 11:21 AM PDT

Could this be a new model for high-stakes cyber attacks going forward? It certainly seems to be happening more often.

At the least, there is an important lesson for cybersecurity teams coming at the expense of Banco de Chile. If an attack hits one part of your system, make sure to keep an eye on the most valuable data or monies you have while you fight the initial problem.

Because that initial attack may be a smokescreen to cover up what the hackers are really after.

Bank Infosecurity put it like this:

"This 'smokescreen' style of attack was most recently used against Banco de Chile, the country's second-largest bank, which on May 24 lost about $10 million due to fraudulent SWIFT wire transfers. The theft happened while the bank was dealing with hundreds of workstations and servers that suddenly stopped working."

How significant was the malware attack, or "smokescreen" part of the problem?

It was bad enough that the bank decided to disconnect 9,000 workstations from its network and began to operate in contingency mode—even notifying vendors like Microsoft to come to Chile to begin a forensic investigation. 

After determining customer deposits were secure and nothing unusual was happening, the bank's security team started looking at other areas, including the bank's SWIFT (inter-bank transfer) transactions.

Chilean publication La Tercera interviewed bank General Manager Eduardo Ebensperger Orrego, who gave quite an extensive report on what happened when the bank started looking at SWIFT transactions.

"However, this was precisely what the attackers were looking for because the virus was only a distraction to steal the money from Banco de Chile."

The publication asked the general manager if this will change the way the bank views security. Check out his answer, which was translated from Spanish for this report:

"The antivirus are many, are constantly being updated. What changes is the vision of how things evolve, security used to go in other ways, today this type of attack requires another type of sophistication, another type of knowledge, and we will evolve accordingly. Although we have antivirus and a series of controls and monitoring, we must intensify it. We will take all necessary measures to continue investigating and protecting our clients as we have done so far. This is a new method, that from Chile we saw it a bit far, but now it is coming down to Latin America."

Perhaps a reminder to look for the "smokescreen" style attack should be incorporated into your incident response plan, so you and your team don't forget about this possibility in the heat of the moment.
