Banks Need to Rethink Cybersecurity After Recent Heists Through SWIFT

Posted by Caitlin Moriarity

Cyberheists are on the rise. But how are hackers getting into financial institutions with some of the best security on the planet?

Through a third party, it turns out.

A number of major international cyberheists have been connected to the interbank SWIFT messaging system.

Tien Phong Commercial Joint Stock Bank, based in Hanoi, Vietnam, said in a May 15 statement that it had recently foiled an attempt to steal $1.36 million via SWIFT. A successful heist back in February was also carried out via the messaging system: $100 million was taken from the Bank of Bangladesh, and only a fraction of it was returned, resulting in a loss of $81 million. A $12 million heist from Ecuador's Banco del Austro and a cyberattack on an unidentified victim in the Philippines may also be connected, according to Reuters.

At the time, the Bangladesh Bank theft was dismissed as an isolated incident, but the other events point to a possible pattern of thieves using SWIFT to attack banks and steal money.

SWIFT, which stands for the Society for Worldwide Interbank Financial Telecommunication, was founded in 1973 and is a cooperative owned by about 3,000 banks. The consortium maintains an interbank messaging system used by 11,000 banks today. And a cyberthreat against SWIFT has the potential to compromise each and every one of those banks.

SWIFT is widely believed to be one of the most secure financial messaging systems on the planet. So how are hackers getting in? SWIFT claims that their own systems were compromised by third-party vendors, and that the attacks were made on SWIFT’s connections to the affected banks, not on the SWIFT system itself. Security for a bank’s connection to SWIFT is handled by the bank itself, not SWIFT.

The thieves were able to obtain credentials to log into SWIFT, and compose fraudulent messages initiating transfers (or at least attempting to) from the target bank’s accounts. Hackers are also believed to have used compromised PDF reader software infected with malware to erase traces of the messages, covering their tracks. 

It's now suspected that one group of hackers is behind many of the recent cyberattacks on banks, Reuters reported. "There is a hacker group out there that is polished and practiced. They know when they target a bank, they get in and get out and the attack will work," said Dan Guido, chief executive of cyber-security firm Trail of Bits and former member of the security team for the U.S. Federal Reserve System. The FBI also issued an alert about this group of cyberattackers.

The U.S. Federal Financial Institutions Examination Council (FFIEC) is recommending that banks review their current cybersecurity practices and adhere to the current cybersecurity guidelines issued by the council. The FFIEC specifically recommends that banks assess their payment systems networks, checking aspects such as authorization, authentication, response management, and fraud detection, and that they also look into their risk management best practices.

SWIFT itself is also recommending that banks investigate their access points to SWIFT and make sure those access points are secure.

Cybercriminals are getting better and better at what they do, and any financial institution that wants to protect its assets, and the assets of its customers, will need to take steps to prevent similar fraudulent transfers from happening to it.

And that still may not be enough. It could be necessary to rethink the entire SWIFT system, or to replace it with something new.

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
