SWIFT Says Bank Cyber Attacks Are Here to Stay

Uploaded on 2016-10-03 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

SWIFT has admitted that cyberattacks leveraging the banking messaging system and poor local security have grown worldwide and asked for vigilance against threats which are "here to stay."

Recently, Alain Desausoi, SWIFT's chief information security officer (CISO) said at the Financial Times Cyber Security Summit Europe in London that cyberattacks launched against customers by fraudulently acting as the cooperative's network are being monitored by the group, which has come to the conclusion that such attacks are "persistent, adaptive and sophisticated."

"We continue to see cases in which our customers' environments have been compromised and subsequent attempts made to send fraudulent payment instructions," Desausoi told attendees.

As reported by Threat Post, the executive then explained how SWIFT, used by banks worldwide to verify transfers between banks and other financial services, is introducing new measures through the Customer Security Programme (CSP) to mitigate the damage such fraud can cost.

One new measure, dubbed Daily Validation Reports, has been established to forge a "long-term response" to cyber-fraud, Desausoi said. The tool gives banks and other customers the option to review daily messages and a summary of message flows in order to detect suspicious activity.

The feature, due to be introduced in December, will also give clients access to risk reports for the identification of unusual senders, destinations and patterns.

"Measures like our recently announced Daily Validation Reports, which help our customers preserve the integrity of their environments, show that the programme is making progress," Desausoi said. "We will continue to support our community, but, as the threat persists, the role of our customers remains absolutely critical: any customer that fails to address the logical and physical security of its environment is at risk."

The Society for Worldwide Interbank Financial Telecommunication, otherwise known as SWIFT, hit the headlines in February after lax security at the Bangladeshi Bank allowed fraudsters to steal the bank's SWIFT code to make a series of fraudulent payment transfer requests.

Once armed with the code and after spying on bank employees to learn their practices for roughly a month, the cyber-attackers made a series of rapid transaction requests for cash to be sent from the country's New York-based Federal Reserve account to entities across Asia.

The cyber-attackers were able to pilfer $80 million, but the damage could have reached up to $1 billion if it had not been for one US employee who spotted a spelling mistake made in one of the rapid-fire transaction requests and thereby issued an alert blocking all other transfers.

Recently, Reuters reported that the company admitted in a private letter sent from SWIFT to clients that fresh cyberattacks have surfaced against the system since June, some of which were successful.

In the letter, SWIFT said that customer weaknesses in local security permitted fraudulent transactions to go through and compromise local networks.

ZDNet

« An Historic AI Partnership
Twitter On The Block: Offers Over $13B »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Hiscox

Hiscox

Hiscox offers cyber and data risks insurance to protect your business against the risks of holding data and using computer systems..

National Cyber Security Centre (NKSC) - Lithuania

National Cyber Security Centre (NKSC) - Lithuania

NKSC is the main Lithuanian cyber security institution, responsible for unified management of cyber incidents, monitoring and control of the implementation of cyber security requirements.

SySS

SySS

SySS is a market leader in penetration testing in Germany and Europe.

Riverside Research

Riverside Research

Riverside Research is a not-for-profit organization chartered to advance scientific research in areas including Trusted & Resilient Systems.

Asvin

Asvin

Asvin provides secure update management and delivery for Internet of Things - IoT Edge devices.

MythX

MythX

MythX is the premier security analysis service for Ethereum smart contracts.

Netlawgic Legal Services

Netlawgic Legal Services

Netlawgic is exclusively focused on delivering cyber law solutions to the industry. We provide our clients with specialized attention and problem solving in all aspects of cyber law.

BTblock

BTblock

Blockchain and cybersecurity is a vital combination for Enterprise success. BTblock is a Force Multiplier for its clients.

Sentinel

Sentinel

Sentinel works with governments, media and defence agencies to help protect democracies from disinformation campaigns by developing a state-of-the-art AI detection platform.

Clear Skye

Clear Skye

Clear Skye, an Identity Access and Management (IAM) software company, reimagines enterprise identity access and risk management software to make a complicated problem easier to manage.

West Midlands Cyber Resilience Centre (WMCRC)

West Midlands Cyber Resilience Centre (WMCRC)

The East Midlands Cyber Resilience Centre supports and helps protect SMEs and supply chain businesses and third sector organisations in the region against cyber crime.

Sotero

Sotero

Sotero is the first cloud-native, zero trust data security platform that consolidates your entire security stack into one easy-to-manage environment.

Strac

Strac

Eliminate Personal Data Risks from your business. Our Dataless SaaS removes the need to manage sensitive data across web, mobile apps, servers and communication channels.

Mondoo

Mondoo

Mondoo is a powerful security, compliance, and asset inventory tool that helps businesses identify vulnerabilities, track lost assets, and ensure policy compliance across their entire infrastructure.

InQuest

InQuest

InQuest specialize in providing comprehensive network-based security solutions that empower organizations to protect their most critical assets: their people.

Emagine IT

Emagine IT

Emagine IT supports federal agencies and enterprises by leveraging a data-first approach to delivering cutting-edge IT, cybersecurity, and digital transformation services.