Money makes the world go around, and SWIFT - the worldwide inter-bank communication network - is the system that allows banks to send money to each other. So when online criminals find a way to exploit SWIFT, they can transfer huge amounts of money to bank accounts under their control.
As we have previously reported, there has been a wave of high-profile bank heists which have seen fraudulent SWIFT messages sent out, ordering banks to move hundreds of millions of dollars. Some of the attacked banks have been targeted with bespoke malware, as in the case of Bangladesh Bank where criminals attempted to steal one billion dollars, successfully making off with a (still impressive) $81 million. In another attack, hackers exploited their access to the SWIFT network to steal $10 million from a Ukrainian bank. It appears that in these and other attacks involving SWIFT, the criminals are able to pose as legitimate bank employees initiating money transfers, having somehow obtained valid credentials. Yesterday, at the Financial Times Cyber Security Summit Europe, SWIFT CISO Alain Desauso warned that SWIFT attacks are "here to stay":
"The threat is persistent, adaptive and sophisticated – and it is here to stay. We continue to see cases in which our customers’ environments have been compromised and subsequent attempts made to send fraudulent payment instructions."
SWIFT is keen to emphasise that it does not believe its own systems have suffered a breach, but that the problem stems from lax security at some of the 11,000 banks to which it provides services. In SWIFT's view, the attacks were ably assisted by lax computer security practices in some banks, which could have opened opportunities for hackers to scour hacked networks in their hunt for SWIFT transfer credentials. Therefore, says Desauso, banks' defences can be hardened by engaging with SWIFT's Customer Security Programme (CSP):
"The threat requires industry-wide co-operation and a long-term response in the form of our CSP. We are making tangible progress. Fortunately a good number of recent attacks have been thwarted or prevented either because our customers have stopped suspicious instructions or because the attacks have been identified and the frauds ultimately prevented as a direct result of measures introduced through the CSP."
To provide further assistance, SWIFT plans to release a new tool in December called "Daily Validation Reports" that will provide banks and other clients with a daily summary of messages, highlighting unusual patterns of behaviour. Even with the tool in place, SWIFT's Desauso firmly put the ball in banks' courts to improve their security:
"Measures like our recently announced Daily Validation Reports, which help our customers preserve the integrity of their environments, show that the programme is making progress. We will continue to support our community, but, as the threat persists, the role of our customers remains absolutely critical: any customer that fails to address the logical and physical security of its environment is at risk."
With such huge amounts of money at stake, it's clearly important for security to be improved and for more to be done to prevent the fraudulent movement of funds by hackers. After all, it's not just the sheer amount of stolen cash that we should be worried about, but who might be ultimately benefiting from the millions of dollars that have been stolen so far - and what they plan to do with it.
Further reading: 5 Actionable Steps We Can Learn from the SWIFT Banking Attacks
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.