Banco de Chile has admitted that a cyberattack on its systems in May led to the theft of $10 million.
The attack took place on May 24 and took down branch computer systems across the country. A security advisory released by the bank a few days later reported that the bank had “detected the presence of a fault that affected our normal attention in branches, telephone banking and some specific services. This generated the activation of our contingency protocol designed to maintain the continuity of the services, and in no case was the security of the products and transactions of our clients affected.” (translated)
The virus wiped disks (thus destroying any forensic data), left devices in a non-bootable state, and reportedly crashed more than 9,000 computers and more than 500 servers.
CEO Eduardo Ebensperger described the virus as a “zero-day” attack which hadn’t been seen in the wild before. Analysis by cybersecurity companies identified it as KillMBR, a variant of the KillDisk malware which has been used in the past to target banks and other financial institutions, and which has been seen with increasing frequency in Latin America recently, including in a failed attempt to steal $110M from Bancomext.
However, it seems that the disruption was intended to act as a distraction, while the hackers used the bank’s SWIFT systems to make fraudulent transfers. Ebensperger has assured customers and press that the bank’s analysis shows that no customer information or funds were stolen.
Ebensperger explained that the bank noticed the unexpected transactions and began cancelling them, but wasn’t able to recover all of the funds – four separate transactions were completed before the bank became aware of the theft.
He claimed that the majority of the sum stolen made its way to bank accounts based in Hong Kong, where the bank has now filed a case.
Not long afterwards, Trend Micro published a report on the use of the KillMBR virus in May to enable an attack on a Latin American bank’s SWIFT systems. Though the targeted organisation wasn’t named, it seems unlikely that the report refers to a different incident.
Ebensperger said that in response to the incident, the bank’s antivirus software, controls and monitoring will all be “intensified” in the hopes of defending more efficiently against sophisticated attacks.