Reuters/Dado Ruvic/File Photo
SWIFT, the global financial network that banks use to transfer billions of dollars every day, warned its customers on Monday that it was aware of “a number of recent cyber incidents” where attackers had sent fraudulent messages over its system.
The disclosure came as law enforcement authorities in Bangladesh and elsewhere continued to investigate the February cyber theft of $81 million from a Bangladesh Bank account at the New York Federal Reserve Bank. SWIFT has acknowledged that the scheme involved altering SWIFT software on the bank’s computers to hide evidence of fraudulent transfers.
“SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions’ back-offices, PCs or workstations connected to their local interface to the SWIFT network,” the group warned customers on Monday in a notice seen by Reuters.
The warning, which SWIFT issued in a confidential alert sent over its network on Monday, did not name any victims or disclose the value of any losses from the previously undisclosed attacks. SWIFT confirmed to Reuters the authenticity of the notice.
Also on Monday, SWIFT released a security update to the software that banks use to access its network.
SWIFT issued that update to thwart malware that security researchers with British defense contractor BAE Systems said was probably used by hackers in the Bangladesh Bank heist.[L2N17S0RG]
BAE’s evidence suggested that hackers manipulated SWIFT’s Alliance Access server software, which banks use to interface with SWIFT’s messaging platform, to cover their tracks.
BAE said it could not explain how the fraudulent orders were created and pushed through the system.
But SWIFT provided some evidence about how that happened in its note to customers, saying that in most cases the modus operandi was similar.
It said the attackers obtained valid credentials for operators authorized to create and approve SWIFT messages, then submitted fraudulent messages by impersonating those people.
SWIFT, or the Society for Worldwide Interbank FinancialTelecommunication, is a cooperative owned by 3,000 financial institutions. Its messaging platform is used by 11,000 banks and
other institutions around the world and is considered a linchpin of the global financial system.
SWIFT spokeswoman Natasha Deteran told Reuters that the commonality in these cases was that internal or external attackers compromised the banks’ own environments to obtain valid operator credentials.
“Customers should do their utmost to protect against this,” she said in an email to Reuters.
SWIFT told customers that the security update must be installed by May 12.
“We have made the Alliance interface software update mandatory as it is designed to help banks identify situations in which attackers have attempted to hide their traces – whether these actions have been executed manually or through malware,” she said.
(Reporting by Jim Finkle in Boston; Additional reporting by Serajul Quadir in Dhaka; Editing by Jonathan Weber, Martin Howell and Peter Cooney)