BY JIM FINKLE
SWIFT, the global financial network that banks use to transfer billions of
dollars every day, warned its customers on Monday that it was aware of "a
number of recent cyber incidents" where attackers had sent fraudulent
messages over its system.

The disclosure came as law enforcement authorities in Bangladesh and elsewhere
investigated the February cyber theft of $81 million from the Bangladesh
central bank account at the New York Federal Reserve Bank. SWIFT has
acknowledged that the scheme involved altering SWIFT software on Bangladesh
Bank's computers to hide evidence of fraudulent transfers.

Monday's statement from SWIFT marked the first acknowledgement that the Bangladesh Bank
attack was not an isolated incident but one of several recent criminal schemes that
aimed to take advantage of the global messaging platform used by some 11,000
financial institutions.

"SWIFT is aware of a number of recent cyber incidents in which malicious insiders or
external attackers have managed to submit SWIFT messages from financial
institutions' back-offices, PCs or workstations connected to their local
interface to the SWIFT network," the group warned customers on Monday in a
notice seen by Reuters.

The warning, which SWIFT issued in a confidential alert sent over its network, did
not name any victims or disclose the value of any losses from the previously
undisclosed attacks. SWIFT confirmed to Reuters the authenticity of the notice.

SWIFT, or the Society for Worldwide Interbank Financial Telecommunication,
is a cooperative owned by 3,000 financial institutions.

Also on Monday, SWIFT released a security update to the software that banks use to
access its network to thwart malware that security researchers with British
defense contractor BAE Systems said was probably used by hackers in the
Bangladesh Bank heist.

BAE's evidence suggested that hackers manipulated SWIFT's Alliance Access server
software, which banks use to interface with SWIFT's messaging platform, to
cover their tracks.

BAE said it could not explain how the fraudulent orders were created and pushed through
the system.

But SWIFT provided some evidence about how that happened in its note to customers, saying
that in most cases the modus operandi was similar.

It said the attackers obtained valid credentials for operators authorized to create and
approve SWIFT messages, then submitted fraudulent messages by impersonating
those people.

FireEye, the internet security company whose Mandiant unit was hired by Bangladesh Bank
to help investigate the heist, said the same group behind that hack had
probably attacked other financial targets.

"FireEye has observed activity in other financial services organizations that is likely
by the same threat actor behind the cyber attack on the Bank of
Bangladesh," Vivek Chudgar, Mandiant's senior director for the Asia
Pacific, said in a statement emailed to Reuters.

FireEye declined to go into detail.

Rakesh Asthana, the World Informatix Cyber Security CEO, who is overseeing Bangladesh
Bank's probe into the hack, declined to discuss the other attacks that SWIFT
referred to.

He did, though, urge banks to conduct independent security assessments to make sure
their networks are secure and prevent future attacks.

“SWIFT builds on security practices established by the customer itself and therefore
it is imperative that in the wake of this attack, customers using SWIFT
Alliance Access must strengthen their cyber security posture,” Asthana said.

FOLLOWING THE MONEY

Cyber security experts said more attacks could surface as SWIFT's banking clients
look to see if their SWIFT access has been compromised.

Shane Shook, a banking security consultant who investigates large financial crime,
said hackers were turning to SWIFT and other private financial messaging
platforms because such attacks can generate more revenue than going after
consumers or small businesses.

"These hacks specifically target financial institutions because smaller efforts result
in much larger thefts," he said. "It's much more efficient than
stealing from consumers."

Justin Harvey, chief security officer with Fidelis Cybersecurity, said hackers
followed the money and would be drawn into such schemes in hopes of emulating a
big heist like the one on Bangladesh Bank.

"After the Bangladesh Bank heist became public, every other attacker out there is
looking to see if they can do the same," he said.

SWIFT spokeswoman Natasha Deteran told Reuters that the commonality in these cases
was that internal or external attackers compromised the banks’ own environments
to obtain valid operator credentials.

"Customers should do their utmost to protect against this," she said in an email to
Reuters.

SWIFT told customers that the security update must be installed by May 12.

"We have made the Alliance interface software update mandatory as it is designed to
help banks identify situations in which attackers have attempted to hide their
traces - whether these actions have been executed manually or through
malware," she said.

(Reporting by Jim Finkle in Boston; Additional reporting by Serajul Quadir in Dhaka;
Editing by Jonathan Weber, Martin Howell and Peter Cooney)