SWIFT Warns Banks Of Ongoing Cyber Attacks

Banks across the world are being urged to tighten up their lax security procedures after new attacks against the SWIFT (Society for Worldwide Interbank Financial Telecommunication) network were made public.

In a private letter to clients, SWIFT was quoted by Reuters as saying that new cyber-theft attempts (some successful) have surfaced since June.

“Customers’ environments have been compromised, and subsequent attempts (were) made to send fraudulent payment instructions,” according to a copy of the letter reviewed by Reuters. “The threat is persistent, adaptive and sophisticated – and it is here to stay.”

Ongoing Attacks

The global financial messaging system has reportedly warned its member banks of ongoing hacking attacks in recent months and told partners it expects them to deliver an “operational baseline” of appropriate security measures. SWIFT joined forces with BAE Systems in July to bolster its cyber security expertise.

But it seems at though SWIFT has detected a spike in attacks against the network since the online thieves came close to stealing nearly a billion dollars from the account belonging to the Central Bank of Bangladesh earlier this year.

Those attackers managed to exploit weak local security procedures to pocket at least $81 million (£57m) from its account located at the Federal Reserve Bank of New York. It it reported that the Bank of Bangladesh lacked a firewall and used cheap second-hand switches to connect its SWIFT computers.

Brussels-based SWIFT always insisted the attacks didn’t involve any compromise of the network itself, but rather seem to have been carried out by attackers who obtained valid credentials from financial institutions and used these to impersonate authorised individuals.

That attack was thought to be one of the largest bank robberies in history, and prompted the Bank of England to order British banks to carry out a security review of systems connected to SWIFT.

Learn The Lessons

And SWIFT is concerned that its member banks are not learning the lesson and upping their local security procedures for SWIFT-enabled transfers.

The most recent SWIFT letter to the banks reportedly admitted that some victims had lost money in the latest attacks, but did not reveal how much was taken or how many of the attempted hacks succeeded.

The letter also did not identify specific victims, but said the banks varied in size and geography and used different methods for accessing SWIFT.

But the letter indicated that all the victims shared one thing in common, namely weaknesses in local security that attackers exploited to compromise local networks and send fraudulent messages requesting large money transfers.

SWIFT is reportedly struggling to get its member banks to implement new security measures, including stronger systems for authenticating users and updates to its software for sending and receiving messages. This is because SWIFT is a non-profit co-operative and lacks regulatory powers.

But according to Reuters, it is getting tough and has warned banks it might report them to regulators and banking partners if they failed to meet a 19 November deadline for installing the latest version of its software, which contains new security features.

Quiz: What do you know about cybersecurity in 2016?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Blue Origin Aborts Test Flight Minutes Before Launch

Jeff Bezos' Blue Origin cancels New Glenn certification flight at last minute due to unspecified…

4 hours ago

Government Aims To Make UK AI ‘Superpower’

Government to loosen AI regulation, exploit public-sector data, build data centres in growth zones as…

9 hours ago

Brazil Demands Clarity After Meta Ends Fact-Checking

Brazil demands specifics on how new Meta stance on misinformation will apply to country amidst…

17 hours ago

US Executive Order Aims To Shore Up Cyber-Defences

Order from outgoing Joe Biden administration aims to respond to multiple hacks by China targeting…

18 hours ago

Amazon, Meta End Diversity Initiatives

Amazon, Meta end diversity and inclusion initiatives as tech firms re-align policies with those of…

18 hours ago

TSMC Cuts Off Singapore Company Amidst Huawei Fallout

TSMC cuts off Singapore-based PowerAIR as it investigates chip it produced appearing in AI accelerator…

19 hours ago