Following the recent appearance of a new threat that uses the SWIFT interbank network, the G7 group of leading economies has decided to set up a new framework for fighting the hacking of financial institutions.
In response to the rapidly rising number of bank thefts, which target not only client databases but also huge amounts of money, the G7 laid out a set of principles that banks need to implement to improve their cybersecurity programs.
“The recent incident involving the SWIFT network and other cyber-attacks really underscore the imperative for robust cyber security throughout the global financial sector,” said Sarah Bloom Raskin, the US Treasury Deputy Secretary. “These threats have not destabilized the financial sector but they threaten to destabilize it.”
Sarah Raskin is co-chair of the Cyber Expert Group of the G7 — the United States, Canada, France, Germany, Italy, Japan, and the United Kingdom.
In two pages, the “Fundamental Elements of Cybersecurity” guideline emphasizes the basis of an effective bank program, one that is fully capable of mitigating the risks and protecting its financial system from cyber threats.
The guidelines are aimed at the board members and top managers of both private and public financial institutions, who can use them to improve and shape the cyber threat strategy of their companies.
The heist of a whopping $81 million from Bangladesh’s central bank revealed how vulnerable to cyber threats the financial sector actually is, especially when these threats rely on the SWIFT worldwide network for interbank transfers. After the theft, SWIFT said that this case was “not a single occurrence, but part of a wider and highly adaptive campaign targeting banks.”
This very much drew the attention of the world’s leading finance ministers and central bank chiefs.
“The challenge with cyber security is that the threat vectors can be difficult to discern and are constantly morphing in search of financial sector vulnerabilities,” said Raskin.
This issue was once again confirmed on Tuesday, October 11th, when the Symantec security team warned of new malware, named Odinaff, which is threatening banks worldwide. Odinaff has been around since January this year and Symantec says that its behavior “appears to be extremely focused on organizations operating in the banking, securities, trading, and payroll sectors”.
Moreover, Symantec found some similarities between Odinaff’s infrastructure and some previous attacks tapping the SWIFT network, known as Carbanak. And yet, when it comes to the Bangladesh heist, another group, known as Lazarus, is considered responsible.
“These attacks require a large amount of hands-on involvement with a heavy investment in the coordination, development, deployment, and operation of the tools used to break into the targets’ systems,” Symantec said.