Swift Hack – Three Banks and More to Come?

Share Your Thoughts: Facebooktwitterlinkedin

Banks and financial organizations must heed current warnings issued after a massive heist against Bangladesh Central Bank, Banco del Austro in Ecuador, and Tien Phong Bank in Vietnam.

Swift Hack of Banking credentialsThe Society for Worldwide Interbank Financial Telecommunication (SWIFT) has issued a statement to its customers stating that the financial messaging system is taking steps to create more information sharing practices among its customers.  SWIFT has repeatedly stated that it is not responsible for the attacks, although hackers have used malware to steal credentials of SWIFT customers. SWIFT said in a statement Friday:

“SWIFT will continue to notify you as soon as possible of any cases of malware known to us so that you can better target your preventative and detective efforts in your local environment,”

The financial messaging platform said it is: “…receiving feedback from the relevant board committee and overseers in the coming days and will be sharing plans with the wider community.”

In the February attack, criminals gained access to the Central Bank of Bangladesh and used the SWIFT system, the network that financial institutions use to send and receive information about financial transactions worldwide, to fraudulently transfer $81 million from an account at the Federal Reserve Bank of New York to accounts in the Philippines.

Next, it was reported that cyber criminals also used the SWIFT system to attack the Tien Phong Bank in Vietnam. In a May 13, 2016 letter to its users, SWIFT apparently warned that this attack was part of a “wider and highly adaptive campaign targeting banks” and that the “attackers clearly exhibit a deep and sophisticated knowledge of specific operation controls within the targeted banks….”

Courtesy of thehackernews.com

Image courtesy of thehackernews.com

As detailed in TheHackerNews, a third case involving SWIFT has emerged in the details of a lawsuit. The theft of about $12 million from an Ecuadorian bank contained numerous similarities of later attacks against Bangladesh’s central bank that lost $81 Million in the cyber heist. The attack on Banco del Austro (BDA) in Ecuador occurred in January 2015 and, revealed via a lawsuit filed by BDA against Wells Fargo, a San Francisco-based bank on Jan. 28, Reuters reported. Over ten days, hackers used SWIFT credentials of a bank employee to modify transaction details for at least 12 transfers amounting to over $12 Million, which was transferred to accounts in Hong Kong, Dubai, New York and Los Angeles.

On May 19, 2016, U.S. Senator Tom Carper (D-Del.), top Democrat on the Senate Homeland Security and Governmental Affairs Committee, sent letters to the Federal Reserve Bank of New York President William Dudley and Society for Worldwide Interbank Financial Telecommunication (SWIFT) Managing Director Patrick Antonacci asking what steps are being taken to better protect banks around the world against cyber security threats in light of multiple recent attacks on the SWIFT system.

 “It is my understanding that there is no evidence of any attempt to penetrate Federal Reserve systems or that any Federal Reserve systems were compromised in connection with these recent incidents,” Carper wrote. “However, these cyber attacks raise important questions about the security of the SWIFT system and the ability of its members to prevent future attacks. Congress has a responsibility to continue to strengthen our nation’s cyber security, including ensuring that the system used by our banks to engage in cross-border transactions is secure. Only by staying a step ahead of these cyber threats can we ensure the security of our financial system.”

U.S. Senator Tom Carper (D-Del.)

SWIFT has issued a warning that banks should review their internal security in light of what has been uncovered.  Included in the most recent message dated May 20, 2016:

We specifically remind all users to respect their obligations to immediately inform SWIFT of any suspected fraudulent use of their institution’s SWIFT connectivity or related to SWIFT products and services. In such cases SWIFT may require certain diagnostic information from you as set out in our terms and conditions (14.2.2).

SWIFT connects more than 11,000 institutions in over 200 countries and processed over six billion messages last year.

SWIFT may release additional updates as it learns more about the attacks and other potential threats.

Learn more about how Firestorm can help through our Predict.Plan.Perform® Methodology.

Share Your Thoughts: Facebooktwitterlinkedin