Hackers are using increasingly sophisticated tools and techniques for attacks against banks, SWIFT warns
The banking industry has been warned of the evolving threat of online criminals and hackers.
The warning from SWIFT, the international bank transfer system, came after online thieves came close to stealing nearly a billion dollars from the account belonging to the Central Bank of Bangladesh in early 2016.
In the end, the thieves only managed to steal $81 million (£63m) by initiating fraudulent SWIFT transfer messages from within the bank’s own systems.
Following that attack, SWIFT (Society for Worldwide Interbank Financial Telecommunication) joined forces with BAE Systems in July 2016 to bolster its cyber security expertise.
And now, in a new report co-written with BAE Systems’ cyber security division, SWIFT has shed light on some new techniques being used by the hackers.
The report has been dispatched to all SWIFT customers around the world, and it warned that over the past 18 months, there has been a “significant evolution in the cyber threat facing the global financial industry.”
“The adversaries have deployed increasingly sophisticated means of circumventing individual controls within users’ local environments and used ever more creative techniques to access users’ critical assets”, said BAE Systems’ Head of Threat Intelligence, Dr Adrian Nish. “These include gaining Administrator rights for operating systems, manipulating software in memory, and tampering with legitimate functionality to bypass authentication.”
The report also details how highly covert malware, designed to withstand traditional detection techniques, is increasingly being deployed in attacks.
“In any single attack a mix of malicious files will often be used, whether that be to acquire credentials or to bypass authentication requirements; to learn how internal operations or messages work; to create distractions and delay local security teams’ responses; or to securely delete log files and other traces of the attacks”, said Karel De Kneef, SWIFT’s Security Operations Director.
The report also provides advice for banks and financial service providers on the safeguards they need to put in place to protect against the threat.
“While the attackers’ sophistication is clearly on the rise, in all cases, they have relied on basic security weaknesses in the targeted customers’ perimeter and internal network security”, said De Kneef.
“The determination, patience and cunning the attackers are demonstrating makes it more imperative than ever that customers rapidly deploy and maintain all basic cyber hygiene tools and measures, comprehensively adhere to recommended security controls, and incorporate all the elements set out in SWIFT’s Customer Security Programme.”
It comes after researchers at Kaspersky Lab in early November warned of the danger posed by the Silence trojan, which infiltrates internal banking networks.
At the moment, SWIFT customers have until the end of the year (31 December) to implement SWIFT’s Customer Security Controls Framework (mandatory security controls), introduced in June 2016.
SWIFT has also “significantly developed its customer cyber security forensics and analysis capabilities under the Programme.”
SWIFT issued a similar warning in August last year, when it warned of ongoing and persistent attacks against the financial sector.
Brussels-based SWIFT has always insisted attacks have not compromised its network, but rather seem to have been carried out by attackers who obtained valid credentials from financial institutions and used these to impersonate authorised individuals.
In May last year the Bank of England ordered all British banks to carry out a security review of systems connected to SWIFT.