Chilean officials are making cybersecurity a top priority, as they just learned that hackers stole over $10 million from the country’s second-largest bank, Banco de Chile.

The bank publicly disclosed on May 28, 2018, that it had detected a virus that infected thousands of its workstations. As the investigation unfolded, the company learned that the cyber-attack corrupted the master boot records (MBRs) of 9,000 PCs and servers, leaving them unable to reboot. This attack forced the bank to halt nearly all operations May 24 at almost 400 branches throughout the country. It took almost two weeks for the bank to resume normal services.

What was originally believed to be a virus turned out to be MBR Killer malware. This ‘MBR Killer' malware was created using the open-source Nullsoft Scriptable Install System and uses VMProtect in an attempt to prevent reverse engineering. It damages the MBR by overwriting the first sector of the target's boot disk.

Many believe the malware was just a distraction and that consumer accounts were never the real target of this attack. The bank, however, took protective measures to safeguard consumer accounts by disconnecting 9,000 workstations that were believed to be infected, leaving attackers able to steal millions of dollars from the bank.

Attackers have since then transferred about $10 million through the banks SWIFT international money transfer systems. The bank started canceling these transactions, but not all of them were recovered. Most of the money has been traced back to Hong Kong and it’s believed that the criminal group responsible for the attack is from either Eastern Europe or Asia.

“We found some strange transactions in the SWIFT system. There we realized that the virus was not necessarily the underlying issue, but apparently they wanted to defraud the bank, “said general manager of Banco de Chile, Eduardo Ebensperger.

The company is adamant that the integrity of its customer accounts, funds or transactions has not been impacted in any way.  However, this incident should serve as a stark reminder to financial institutions across the globe that security best practices must be followed and the CIS Controls must be implemented to prioritize security risks within the financial industry.  

 

Read the article on InfoSecurity Magazine

The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

Netwrix
6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)


[email protected]
 

United Kingdom

Netwrix
5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023


 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.