SWIFT, a global financial messaging network, has cited new hacking attacks against multiple member banks in its global constituency, the first such instances since an earlier attempted heist of over $1 billion earlier this year at Bangladesh Bank, according to a SWIFT report.
Take the lead from today’s leaders. FM London Summit, 14-15 November, 2016. Register here!
Back in February, a $1 billion heist resulted in the theft of $81 million from the central bank of Bangladesh, placing SWIFT’s systems in the crosshairs. Despite mutual finger pointing, allegations arose of negligence on SWIFT’s side, after technicians failed to properly account for basic security protocols that may have left the bank vulnerable to hacking.
Since then, banks have launched a series of investigations into their own respective defences, which expanded to a total of twelve lenders as far back as May. This had followed from a previous attempt back in February in which cyber criminals tried to transfer upwards of $951 million from the Bangladeshi central bank's account at the Federal Reserve Bank of New York.
Questions Resurface
Many inside the SWIFT orbit have been wondering when the next attack would surface, given the vulnerabilities uncovered in previous investigations following the Bangladesh hacks. In a recent letter to clients, SWIFT has warned of recent attacks over the past few months in a seemingly ongoing wave of cyber assaults.
Sensing blood in the water, the warning also postulates that cyber thieves have also dialed up their efforts in the period following the Bangladesh Bank heist, leading to the systematic targeting of banks with lax security procedures for SWIFT-enabled transfers.
The threat is persistent, adaptive and sophisticated - and it is here to stay
SWIFT did not disclose who the victims were or how much money has been stolen, however some attacks have been successful, prompting a statement from the group. The common denominator has been weaknesses in local security that attackers have consequently exploited to compromise local networks and send fraudulent messages requesting money transfers.
According to the SWIFT letter released to members: "Customers’ environments have been compromised, and subsequent attempts (were) made to send fraudulent payment instructions. The threat is persistent, adaptive and sophisticated - and it is here to stay."