SWIFT, the payment network that supports financial institutions and banks around the world, continues to see attacks compromising its customers’ networks as attackers look for new ways to drain money from the global financial system.
The SWIFT network has been hit with a number of high-profile attacks in the last few months, many of which have shared tactics and techniques. The biggest hit was an attack on the Bank of Bangladesh in February that resulted in the fraudulent transfer of $81 million from the bank’s network. The damage could’ve been far worse in that case, as the attackers tried to steal $950 million. The tools used in that attack were customized for compromising the SWIFT system, which is used by banks to exchange messages about transactions.
In the wake of that attack, and the others that have followed, SWIFT, a consortium owned by the member banks, has been working to shore up the security of its network. Officials said that the measures are working, but the attacks are continuing to hit customer networks unabated.
“The threat is persistent, adaptive and sophisticated – and it is here to stay. We continue to see cases in which our customers’ environments have been compromised and subsequent attempts made to send fraudulent payment instructions,” Alain Desausoi, SWIFT’s CISO, said at an event in London this week.
One of the changes that SWIFT has made recently is encouraging its customers to share information. There are several formal information-sharing efforts in the financial industry, but the SWIFT version is specific to that system and is part of the group’s Customer Security Program.
“The threat requires industry-wide co-operation and a long-term response in the form of our CSP. We are making tangible progress. Fortunately a good number of recent attacks have been thwarted or prevented either because our customers have stopped suspicious instructions or because the attacks have been identified and the frauds ultimately prevented as a direct result of measures introduced through the CSP,” Desausoi said.
SWIFT has also introduced a new report, sent outside the normal communications channels, to validate daily transactions. The Daily Validation Reports are designed to give banks a way to independently verify the messages on their networks on a daily basis and identify unusual or fraudulent activity.
“A key step in the modus operandi in recent wire fraud cases at customer firms involves the attackers concealing their fraudulent messaging activity on customers’ local systems. Smaller institutions, in particular, are currently dependent on the accuracy of the data on their own systems, but in the event of a security breach, their locally stored payment and reconciliation data may be altered or unavailable. Daily Validation Reports will provide a reliable and independent source of information, providing such institutions with an activity lens to help them quickly detect fraud – whether perpetrated by external attackers or by malicious insiders,” Stephen Gilderdale, head of SWIFT’s Customer Security Programme, said in a statement.
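The reconciliation idea described above, as an added example that is not from SWIFT or the original article: it compares locally stored message records against an independently delivered daily report and flags records that are missing or altered on the local side. The record layout, field names and sample data are constructed for illustration; the actual report format is not described here, and message references are assumed to be unique within a day.

```python
from collections import namedtuple
from decimal import Decimal

# Hypothetical record layout (assumption, not the real report format).
Msg = namedtuple("Msg", "ref receiver currency amount")

def reconcile(local, independent):
    """Return (ref, finding) pairs where local records disagree with the report.

    The out-of-band report is treated as the trusted view, because local
    payment and reconciliation data may have been changed after a breach.
    """
    local_by_ref = {m.ref: m for m in local}
    report_by_ref = {m.ref: m for m in independent}
    findings = []
    for ref, sent in sorted(report_by_ref.items()):
        mine = local_by_ref.get(ref)
        if mine is None:
            # Sent over the network but absent locally: possible concealment.
            findings.append((ref, "missing_locally"))
        elif mine != sent:
            changed = [f for f in Msg._fields if getattr(mine, f) != getattr(sent, f)]
            findings.append((ref, "altered_locally:" + ",".join(changed)))
    # Local-only records may be unsent drafts or a timing gap; review them too.
    for ref in sorted(set(local_by_ref) - set(report_by_ref)):
        findings.append((ref, "not_in_report"))
    return findings

# Constructed sample data for one business day.
REPORT = [
    Msg("REF001", "BANKAAAA", "USD", Decimal("1500.00")),
    Msg("REF002", "BANKBBBB", "USD", Decimal("20000000.00")),
    Msg("REF003", "BANKCCCC", "EUR", Decimal("9800.00")),
]
LOCAL = [
    Msg("REF001", "BANKAAAA", "USD", Decimal("1500.00")),
    Msg("REF003", "BANKCCCC", "EUR", Decimal("98.00")),
    Msg("REF004", "BANKDDDD", "USD", Decimal("10.00")),
]

if __name__ == "__main__":
    for ref, finding in reconcile(LOCAL, REPORT):
        print(ref, finding)
```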