SWIFT Warns Banks Of Ongoing Cyber Attacks

Banks across the world are being urged to tighten up their lax security procedures after new attacks against the SWIFT (Society for Worldwide Interbank Financial Telecommunication) network were made public.

In a private letter to clients, SWIFT was quoted by Reuters as saying that new cyber-theft attempts (some successful) have surfaced since June.

“Customers’ environments have been compromised, and subsequent attempts (were) made to send fraudulent payment instructions,” according to a copy of the letter reviewed by Reuters. “The threat is persistent, adaptive and sophisticated – and it is here to stay.”

Ongoing Attacks

The global financial messaging system has reportedly warned its member banks of ongoing hacking attacks in recent months and told partners it expects them to deliver an “operational baseline” of appropriate security measures. SWIFT joined forces with BAE Systems in July to bolster its cyber security expertise.

But it seems at though SWIFT has detected a spike in attacks against the network since the online thieves came close to stealing nearly a billion dollars from the account belonging to the Central Bank of Bangladesh earlier this year.

Those attackers managed to exploit weak local security procedures to pocket at least $81 million (£57m) from its account located at the Federal Reserve Bank of New York. It it reported that the Bank of Bangladesh lacked a firewall and used cheap second-hand switches to connect its SWIFT computers.

Brussels-based SWIFT always insisted the attacks didn’t involve any compromise of the network itself, but rather seem to have been carried out by attackers who obtained valid credentials from financial institutions and used these to impersonate authorised individuals.

That attack was thought to be one of the largest bank robberies in history, and prompted the Bank of England to order British banks to carry out a security review of systems connected to SWIFT.

Learn The Lessons

And SWIFT is concerned that its member banks are not learning the lesson and upping their local security procedures for SWIFT-enabled transfers.

The most recent SWIFT letter to the banks reportedly admitted that some victims had lost money in the latest attacks, but did not reveal how much was taken or how many of the attempted hacks succeeded.

The letter also did not identify specific victims, but said the banks varied in size and geography and used different methods for accessing SWIFT.

But the letter indicated that all the victims shared one thing in common, namely weaknesses in local security that attackers exploited to compromise local networks and send fraudulent messages requesting large money transfers.

SWIFT is reportedly struggling to get its member banks to implement new security measures, including stronger systems for authenticating users and updates to its software for sending and receiving messages. This is because SWIFT is a non-profit co-operative and lacks regulatory powers.

But according to Reuters, it is getting tough and has warned banks it might report them to regulators and banking partners if they failed to meet a 19 November deadline for installing the latest version of its software, which contains new security features.

Quiz: What do you know about cybersecurity in 2016?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Intel Adds Two Chip Veterans To Board, Amid Search For New CEO

Two chip veterans named for Intel's board of directors, amid reports of expertise gap after…

23 hours ago

Waymo To Expand Ride-Hailing Service To Miami

Another major city in the United States is to receive Alphabet's Waymo ride-hailing service, with…

23 hours ago

Meta To Spend $10 Billion On Largest Data Centre To Date

Facebook parent confirms its 23rd data centre in the US will be located in Louisiana,…

2 days ago

Musk’s Neuralink Animal Lab Cited For ‘Objectionable Conditions’

Federal regulator reportedly cites animal lab at Elon Musk's Neuralink for “objectionable conditions or practices”

2 days ago

Trump Nominates Cryptocurrency Advocate Paul Atkins As SEC Chair

President-elect Donald Trump nominates a new chairman to head the SEC, who is a noted…

2 days ago