Swift seeks stronger network security
It has engaged cyber security firms BAE Systems and Fox-IT, and created a Forensics and Customer Security Intelligence team, as it wants to investigate security incidents “within customer environments”.
The move follows a spate of thefts when banks’ access to the Swift network was used to execute the crimes. Recently, $10 million was stolen from an unnamed Ukrainian bank; and investigators were looking at more potential computer breaches following three attacks – a $101 million cyber heist in Bangladesh; Vietnam’s Tien Phong Bank stopping an attempted wire fraud; and Ecuador’s Banco del Austro losing around $9 million.
BAE Systems and Fox-IT will “complement” Swift’s in-house cyber security expertise and work closely with its newly formed Customer Security Intelligence team to support Swift’s customer information sharing initiative and to “help strengthen” cyber security across the global Swift community.
The information sharing initiative is a “key part” of Swift’s recently launched Customer Security Programme. That launch saw Swift CEO Gottfried Leibbrandt warning banks with inadequate cyber defences they could find themselves booted off the payment network.
Swift says this initiative has “grown significantly” since its launch, and now includes “detailed” intelligence and analysis on the modus operandi of attackers in recent customer fraud cases.
In addition, Swift has published an inventory containing some of the specific malware used in reported attacks, as well as indicators of compromise (IoCs) that it has developed to assist other customers in detecting threats operating in their environments.
Swift chief technology officer, Craig Young, says: “An important dependency of this initiative is Swift’s timely receipt of information from affected customers. We therefore continue to remind customers that they are obliged to inform Swift of such incidents as soon as possible, and to proactively share all relevant information with us so we can assist all Swift users.”