Swift reveals more cyber thefts
Swift has revealed new hacking attacks on its members’ banks as it pressured them to comply with security procedures instituted after the heist at Bangladesh Bank, according to Reuters.
In a private letter to clients, Swift says new cyber theft attempts – some of them successful – have appeared since June, when it last updated customers on the spate of attacks.
“Customers’ environments have been compromised, and subsequent attempts made to send fraudulent payment instructions,” according to a copy of the letter seen by Reuters. “The threat is persistent, adaptive and sophisticated — and it is here to stay.”
The disclosure has inevitably led to speculation, with Reuters suggesting that cyber thieves “may have ramped up their efforts following the Bangladesh Bank heist, and that they specifically targeted banks with lax security procedures for Swift-enabled transfers”.
In the now public “private letter” some victims in the new attacks lost money but did not say how much was taken or how many of the attempted hacks succeeded. It did not identify specific victims but said the banks varied in size and geography and used different methods for accessing Swift.
According to Reuters, all the victims had one thing in common: security weaknesses that attackers exploited to compromise local networks and send fraudulent messages requesting money transfers.
This latest revelation follows current and former executives and managers of Swift recently saying that the organisation was slow on strong security.
The Bangladesh bamboozle was also not in isolation. Investigators looked at more potential computer breaches following three attacks – the aforementioned episode in Bangladesh; Vietnam’s Tien Phong Bank stopping an attempted wire fraud; and Ecuador’s Banco del Austro losing around $9 million.
However, prior to this private letter, Swift has been vocal in its desire for members to demonstrate greater security awareness.
In July, it turned to outside help to improve security on its network. It engaged cyber security firms BAE Systems and Fox-IT, and created a Forensics and Customer Security Intelligence team, as it wants to investigate security incidents “within customer environments”.
Back in June, Swift CEO Gottfried Leibbrandt warned banks with inadequate cyber defences they could find themselves booted off its payment network.
While in May, Swift unveiled a five-part plan to reinforce security across its network.