After a string of highly sophisticated and well-publicized attacks in recent weeks, officials at SWIFT, the banking payment consortium, are asking banks to improve their information sharing efforts to help combat future compromises.
The SWIFT payment network has been targeted by several successful attacks recently, including one that resulted in the fraudulent transfer of $81 million from the Bank of Bangladesh in February. Investigators found that attackers had gained access to the bank’s network and then used valid credentials to get on the SWIFT network and initiate a slew of fraudulent funds transfers.
“We understand that the malware is designed to hide the traces of fraudulent payments from customers’ local database applications and can only be installed on users’ local systems by attackers that have successfully identified and exploited weaknesses in their local security,” the statement from SWIFT on that attack says.
More recently, officials at SWIFT (Society for Worldwide Interbank Financial Telecommunication) warned members that attackers were using exploits for PDF reader software to compromise target networks. The attackers then ran the same game as in the Bank of Bangladesh operation, eventually accessing the SWIFT system. SWIFT is used by banks to exchange information about funds transfers.
In light of the recent attacks, the organization, which is owned by a group of major banks, is encouraging institutions to improve their information sharing and stressing that the banks have an obligation to report any suspected fraud.
“The security of our global financial community can only be ensured through a collaborative approach among SWIFT, its users, its central bank overseers and third party suppliers. SWIFT is fully committed to leading the community effort. To this end, it is essential that you share critical security information related to SWIFT with us,” the group’s statement says.
“We specifically remind all users to respect their obligations to immediately inform SWIFT of any suspected fraudulent use of their institution’s SWIFT connectivity or related to SWIFT products and services.”
SWIFT officials said they will continue to update banks with new indicators of compromise and information on any new custom malware used in attacks on member institutions.