BOSTON/NEW YORK – SWIFT, the global financial messaging system, on Tuesday disclosed new hacking attacks on its members’ banks as it pressured them to comply with security procedures instituted after February’s high-profile $81 million heist at Bangladesh Bank.
In a private letter to clients, SWIFT said new cybertheft attempts — some of them successful — have surfaced since June, when it last updated customers on a string of attacks discovered after the attack on the Bangladesh central bank.
“Customers’ environments have been compromised, and subsequent attempts made to send fraudulent payment instructions,” according to a copy of the letter. “The threat is persistent, adaptive and sophisticated — and it is here to stay.”
The disclosure suggests that cyberthieves may have ramped up their efforts following the Bangladesh Bank heist, and that they specifically targeted banks with lax security procedures for SWIFT-enabled transfers.
The Brussels-based firm, a member-owned cooperative, indicated in Tuesday’s letter that some victims in the new attacks lost money but did not say how much was taken or how many of the attempted hacks succeeded. It did not identify specific victims but said the banks varied in size and geography and used different methods for accessing SWIFT.
All the victims had one thing in common: security weaknesses that attackers exploited to compromise local networks and send fraudulent messages requesting money transfers.
Accounts of the attack on Bangladesh Bank suggest that weak security procedures there made it easier to hack into computers used to send SWIFT messages requesting large money transfers. The bank lacked a firewall and used second-hand, $10 electronic switches to network those computers, according to the Bangladesh police.
SWIFT has repeatedly pushed banks to implement new security measures that were rolled out after the Bangladesh heist, including stronger systems for authenticating users and updates to its software for sending and receiving messages. But it has been difficult for SWIFT to force banks to comply because the nonprofit cooperative lacks regulatory authority over members.
SWIFT told banks Tuesday that it might report them to regulators and banking partners if they fail to meet a Nov. 19 deadline for installing the latest version of its software, which includes new security features designed to thwart the type of attacks described in its letter.
The security features include technology for verifying credentials of people accessing a bank’s SWIFT system, stronger rules for password management and better tools for identifying attempts to hack the software.
SWIFT is trying coerce members into prioritizing cybersecurity by threatening to share confidential information about security lapses that banks want to keep private, said Shane Shook, an independent security consultant who advises central banks.
“That type of information-sharing is something that no bank likes to see happen without their direct approval and involvement, because it can affect market confidence,” Shook said.
SWIFT disclosed the new hacks after reports of previous incidents prompted regulators in Europe and the United States to urge banks to bolster cybersecurity.
Other cases involving fraudulent transfer requests include the theft of more than $12 million from Ecuador’s Banco del Austro and a failed attempt later in 2015 to steal money from Vietnam’s Tien Phong Bank.
The attacks have prompted regulators globally to press banks to bolster defenses.
The Bank of England in April ordered U.K. firms to detail actions to secure computers connected to the SWIFT system, while the European Banking Authority in May said domestic authorities should stress test banks for cyberrisks.
The Federal Reserve and other U.S. agencies told banks in June to review protections against fraudulent money transfers.
Six U.S. senators on Monday urged the G-20 nations to agree when they meet at a summit this weekend on a “coordinated strategy to combat cybercrime at critical financial institutions.”
In a time of both misinformation and too much information, quality journalism is more crucial than ever.
By subscribing, you can help us get the story right.