Investigations on potential computer breaches have expanded to as many as 12 banks linked to Swift’s global payments network, finding irregularities similar to those in the $81 million cyberheist involving the Bangladesh central bank.

Bangladesh bank-commissioned security firm FireEye received communications from other banks, mostly from Southeast Asia, due to telltale signs that their systems have also been infiltrated by hackers. These banks include those from the Philippines and New Zealand, with no indication of whether there was money taken.

The expanded investigation follows the discovery of the Bangladesh case, the most massive known cyberheist in history.

FireEye, however, declined to comment on the report.

Philippine Bank, Sony Hacks

In a Thursday blog post, cyber security firm Symantec said that the hackers involved in the Bangladesh heist could also figure in another cyber attack – this time on a Philippine bank – apart from the 2014 Sony Pictures Entertainment hack.

Once confirmed, the Philippine case would be the fourth known case involving fraudulent SWIFT messages.

According to Symantec, it identified three pieces of malware used in limited targeted attacks against Southeast Asian financial institutions, with proof that the perpetrators managed to infiltrate the computers although there is yet to be evidence of money being taken.

Among the malicious pieces was a program previously tied to the hacking group Lazarus, which was associated with the 2014 attack on Sony’s Hollywood studio. The U.S. government, though, pinned the blame on North Korea.

Symantec technical director Eric Chien pointed to a “pretty hard connection” of the current possible breaches to the Sony attack and the people behind them, reported Reuters.

Last week, Reuters also reported that the Banco del Austro of Ecuador had over $12 million stolen from a Wells Fargo account due to fraudulent transfers over the SWIFT system. In a failed attempt, attackers also tried to move an estimated $1.2 million in late 2015 from a Vietnamese lender.

More Breaches May Emerge

Brussels-based interbank cooperative SWIFT – which means Society for Worldwide Interbank Financial Telecommunication – warned that more breaches may have been done, including those in Ecuador and Vietnam. The possible new cases of compromise are deemed “not entirely surprising” because banks are now reviewing their own environments.

This week, SWIFT urged banks to bolster their security.

“Many may turn out to be false positives and or have nothing to do with SWIFT messages, but it is key that these reviews take place and banks’ environments are secured,” said its spokesperson Natasha de Teran.

Swift depends on internal trust such that its messages are considered legitimate and money will be moved immediately as instructed. It has come under mounting pressure from its bank clients to increase its security guidelines to prevent future cyber breaches.

The erosion of such trust, according to Bloomberg, could cast doubt on the foundation upon which the network is built.

In the Bangladesh cyberheist, the Federal Reserve Bank of New York was tricked by fake SWIFT messages into wiring money – funds that it held for the poverty-stricken country – to hacker-dominated accounts resting in the Philippines. Its system was later on able to halt $850 million more in attempted transfer.

Photo: Mike Mozart | Flickr