KIEV (Reuters) - Ukraine’s central bank urged lenders in April to review security procedures, saying thieves had attempted to steal money from a Ukrainian bank using fraudulent SWIFT transfers, according to a confidential message obtained by Reuters.
The warning, issued on April 28, did not identify the bank or say if the cyber attack had been successful, but said it had been similar to the theft in February of $81 million from Bangladesh’s central bank.
That heist involved criminals sending fraudulent payment instructions via SWIFT, the secure messaging system used by banks worldwide. Similar attacks have occurred in Ecuador and Vietnam.
A spokeswoman for SWIFT had no immediate comment.
The notice sent by the Ukrainian central bank said SWIFT had advised its customers about a series of incidents in which hackers had tried to send fraudulent messages via the system, including the Bangladesh case.
“We are also informing you that a similar incident took place in one of the Ukrainian banks,” said the notice, which was signed by a deputy governor of the central bank.
It advised banks to familiarize themselves with the latest SWIFT security recommendations, to ensure that their anti-virus protection was up to date, and check the security settings on parts of their IT systems that connect to the SWIFT network.
Contacted by Reuters on Thursday, the press service of the Ukrainian central bank confirmed the information given in the notice sent to banks, but declined to give any further details.
The cyber theft from Bangladesh’s central bank — and recent disclosures of other similar fraud attempts — have left the SWIFT messaging system under scrutiny. SWIFT is a cooperative of global banks formally known as the Society for Worldwide Interbank Financial Telecommunication.
SWIFT has said it plans a new program to improve security and also wants banks to “drastically” improve information sharing.
Reporting by Natalia Zinets; Writing by Jim Finkle; Editing by Christian Lowe and Catherine Evans