The SWIFT messaging system plans to ask banks to make sure they are following recommended security practices following an unprecedented cyber attack on Bangladesh’s central bank that yielded $81 million, a spokeswoman for the group told Reuters on Sunday.
Brussels-based SWIFT, a cooperative owned by some 3,000 global financial institutions, will issue a written warning on Monday asking banks to review internal security, the spokeswoman said.
SWIFT staff will also begin calling banks to highlight the importance of reviewing security measures after the attack in Bangladesh, she added.
“Our priority at this time is to encourage customers to review and, where necessary, to reinforce their local operating environments,” the spokeswoman added.
Unknown hackers breached the computer systems of Bangladesh Bank and in early February attempted to steal $951 million from its account at the Federal Reserve Bank of New York, which it uses for international settlements. Some attempted transfers were blocked, but $81 million was transferred to accounts in the Philippines in one of the largest cyber heists in history.
SWIFT has so far said little about the attack, except that it was related to “an internal operational issue” at Bangladesh Bank and that there was no compromise in its core messaging system.
SWIFT prepared a summary of previously issued recommendations for implementing security measures to thwart hackers, which advises members to pay close attention to best practices, the spokeswoman added.
A confidential interim report on the investigation, which forensics experts submitted to the bank on Wednesday, said that attackers took control of the bank’s network, stole credentials for sending SWIFT messages and used “sophisticated” malicious software to attack the computers it uses to process and authorize transactions.
Investigators said in the report, which was reviewed by Reuters, that they believe the attackers have targeted other financial institutions.
The report was prepared by FireEye Inc (FEYE.O) and World Informatix, which were hired by Bangladesh’s central bank to investigate the massive theft.
The investigators did not identify other victims or name the hackers, but said that forensic evidence suggests they were also behind other recent cyber attacks on financial institutions.
“FireEye has observed these same suspected FIN threat actors within other customer networks in the financial industry, where these threat actors appear to be financially motivated, and well organized,” said an interim report sent to the bank last week.
Representatives of Bangladesh Bank and FireEye declined to comment on the confidential report and their probe into the Feb. 4 heist.
World Informatix Chief Executive Rakesh Asthana told Reuters via email that he could not discuss the investigation, but that he expected Bangladesh Bank to issue a news release on Monday.
Details from the confidential report were previously reported by Bloomberg News and a Bangladesh publication, The Daily Star.
(Reporting by Jim Finkle in Boston and Serajul Quadir in Dhaka; Editing by Jonathan Oatis)