SWIFT, the global financial messaging system, disclosed new hacking attacks on its member banks as it pressured them to comply with security procedures.
Advertisement
Although some time has passed since these attacks happened, Swift has only disclosed the new hacks now after reports of previous incidents prompted regulators in Europe and the United States to urge banks to bolster cyber-security. But others have succeeded.
In a private letter to clients, SWIFT was quoted by Reuters as saying that new cyber-theft attempts (some successful) have surfaced since June.
SWIFT has been on a mission over the past few months to regain the trust of banks and their customers following incidents in Bangladesh and elsewhere.
In the case of February’s Bangladeshi bank incident, hackers were ultimately able to take advantage of its nearly non-existent security, with no firewalls and the cheap, secondhand networking gear used to connect to SWIFT, in order to infiltrate the bank’s systems and make off with millions.
Swift has set a November 19 deadline for installing the latest version of its software – which includes stronger authentication and password management and better hack detection tools – and has warned banks that fail to measure up that it may share future security lapses more widely with banking regulators and correspondent banking partners.
Before it’s here, it’s on the Bloomberg Terminal. Hackers breached the bank’s normal IT network used for day-to-day operations, searched for the SWIFT system, collected SWIFT credentials from bank employees, and then attempted to move money out of the bank’s accounts to their own.
“Customers’ environments have been compromised, and subsequent attempts [were] made to send fraudulent payment instructions”, said the letter seen by Reuters.
The Bangladesh Bank attack and others that have emerged are only some of the threats posed by cyber criminals, the senators wrote.
Since SWIFT is only a software maker, it can not force any of the financial institutions to deploy better security on their networks. “The threat is persistent, adaptive and sophisticated – and it is here to stay”, it added. This is because SWIFT is a non-profit co-operative and lacks regulatory powers. Ecuador’s Banco del Austro was hit for $12 million.
Advertisement
The Federal Reserve and other USA agencies told banks in June to review protections against fraudulent money transfers.
