Warning: Cyber-attackers used SWIFT for fraud

By Madhvi Mavadiya | 27 April 2016

Global financial network SWIFT (Society for Worldwide Interbank Financial Telecommunication) has issued a warning to its customers after many recent “cyber incidents” in which attackers sent fraudulent messages over its system. This could prove to be dangerous for the 11,000 financial institutions that use SWIFT to transfer billions of dollars every day. The organisation confirmed this breach in security with a confidential alert sent over the network last weekend. Names of victims or values of losses have not been disclosed at this time.

CEO of security and electronic fraud prevention vendor Easy Solutions, Ricardo Villadiego, sees some positives in this announcement and highlights that “every action has a fraudster reaction. As an industry we must assess and re-assess our security posture, because criminals had already shown interest in the SWIFT platform.” Villadiego also commented on the news that SWIFT are planning to add a new patch to their platform and said that change will not be imminent.

“My two cents here is that when it comes to fraud prevention we must stop the problem from the beginning to the end; there’s not a silver bullet,” Villadiego said. The disclosure about the cyber-attacks came after law enforcement authorities investigated the cyber theft of $81 million from the Bangladesh central bank account at the New York Federal Reserve, according to the Guardian. In light of this, SWIFT confirmed that the incident involved changing the back office software so that the fraudulent transfers were hidden.

Security researchers at British defense contractor BAE Systems partnered with SWIFT to figure out how these fraudulent transfers were made, but as Reuters reports, the findings do not explain how these orders were created and subsequently pushed through the system without the organisation finding out. The evidence does suggest that the hackers manipulated the Alliance Access server, which is used to send financial messages, and this is where BAE Systems found the malware that was responsible for the $81 million cyber theft.

However, according to Reuters, a senior official from the Bangladesh Police’s Criminal Investigation Department said that investigators had not found the malware that BAE Systems had claimed to have found. “It was their responsibility to point it out but we haven’t found any evidence that they advised before the heist,” head of the Forensic Training Institute of the Bangladesh police criminal department, Mohammed Shah Alam said. In addition to this, they put forward that the bank’s computer security measures were not efficient enough, but investigators said that SWIFT should take the blame.

Adrian Nish, head of threat intelligence at BAE Systems, said that this is the most elaborate attack that he has ever seen. “I can’t think of a case where we have seen a criminal go to the level of effort to customise it for the environment they were operating in. I guess it was the realisation that the potential payoff made that effort worthwhile,” Nish said.

The attack on the Bangladesh Bank was not random, but one of many schemes that have taken place recently. “SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit Swift messages from financial institutions’ back offices, PCs or workstations connected to their local interface to the Swift network,” the organisation stated.

Alongside this, Natasha Deteran, spokeswoman for SWIFT, reassured their customers that the organisation would provide updates when they were available. “Whilst we keep all our interface products under continual review and recommend that other vendors do the same, the key defense against such attack scenarios is that users implement appropriate security measures in their local environments to safeguard their systems.”

12 May is the date that SWIFT have proposed for a new security update, but banks and other financial institutions should remain vigilant as the hackers that targeted the Bangladesh central bank will be looking to do the same to other banks.

“We have made the Alliance interface software update mandatory as it is designed to help banks identify situations in which attackers have attempted to hide their traces – whether these actions have been executed manually or through malware,” Deteran said.
