The Society for Worldwide Interbank Financial Telecommunication (SWIFT), the popular financial messaging system, has once again made troubling disclosures about more cyberthefts targeting its member banks.
“SWIFT, the global financial messaging system, on Tuesday disclosed new hacking attacks on its member banks as it pressured them to comply with security procedures instituted after February’s high-profile $81 million heist at Bangladesh Bank,” a Reuters exclusive reports.
Reuters also reports that the institution has sent its banking clients private letters warning them to improve their security systems, as more hacking attacks have occurred since June and many of them have been successful. The last time SWIFT issued that kind of warning was soon after the $81 million was stolen from the Bangladesh central bank.
“Customers’ environments have been compromised, and subsequent attempts (were) made to send fraudulent payment instructions.” – states the letter accessed by Reuters – “The threat is persistent, adaptive and sophisticated – and it is here to stay.”
SWIFT didn’t reveal which particular clients were targeted or how much money they lost. However, all victims share the same weakness: their local security, which gave hackers an opening to get in and send fraudulent money transfer orders.
All this information suggests that after the Bangladesh Bank heist, crooks are even more determined to hit banks with slack security procedures for SWIFT-enabled transfers. Those financial institutions are now more at risk than ever.
“The Bangladesh bank was a smaller institution, with minimal cybersecurity defenses and significant access to both monetary assets and larger targets.” – explains the provider of managed cyber threat detection and response services, eSentire.
Since the Bangladesh heist, SWIFT has been urging its member banks to improve their security systems with newer measures, such as user authentication systems and software updates for sending and receiving messages. But forcing them to comply hasn’t been an easy task, given that SWIFT has no regulatory authority over them.
What SWIFT did, in the end, was warn its members that it might report them to regulators and banking partners if they failed to meet the November 19 deadline for installing the latest version of its software. That version includes new security features designed to prevent the type of attacks described in the letters.
Shane Shook, an independent security consultant who advises central banks, said that SWIFT is trying to make its members comply by threatening to reveal confidential information about security lapses that they wouldn’t want shared.
“That type of information sharing is something that no bank likes to see happen without their direct approval and involvement because it can affect market confidence,” Shook explained.