SWIFT Says Bank Cyber Attacks Are Here to Stay

Uploaded on 2016-10-03 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

SWIFT has admitted that cyberattacks leveraging the banking messaging system and poor local security have grown worldwide and asked for vigilance against threats which are "here to stay."

Recently, Alain Desausoi, SWIFT's chief information security officer (CISO) said at the Financial Times Cyber Security Summit Europe in London that cyberattacks launched against customers by fraudulently acting as the cooperative's network are being monitored by the group, which has come to the conclusion that such attacks are "persistent, adaptive and sophisticated."

"We continue to see cases in which our customers' environments have been compromised and subsequent attempts made to send fraudulent payment instructions," Desausoi told attendees.

As reported by Threat Post, the executive then explained how SWIFT, used by banks worldwide to verify transfers between banks and other financial services, is introducing new measures through the Customer Security Programme (CSP) to mitigate the damage such fraud can cost.

One new measure, dubbed Daily Validation Reports, has been established to forge a "long-term response" to cyber-fraud, Desausoi said. The tool gives banks and other customers the option to review daily messages and a summary of message flows in order to detect suspicious activity.

The feature, due to be introduced in December, will also give clients access to risk reports for the identification of unusual senders, destinations and patterns.

"Measures like our recently announced Daily Validation Reports, which help our customers preserve the integrity of their environments, show that the programme is making progress," Desausoi said. "We will continue to support our community, but, as the threat persists, the role of our customers remains absolutely critical: any customer that fails to address the logical and physical security of its environment is at risk."

The Society for Worldwide Interbank Financial Telecommunication, otherwise known as SWIFT, hit the headlines in February after lax security at the Bangladeshi Bank allowed fraudsters to steal the bank's SWIFT code to make a series of fraudulent payment transfer requests.

Once armed with the code and after spying on bank employees to learn their practices for roughly a month, the cyber-attackers made a series of rapid transaction requests for cash to be sent from the country's New York-based Federal Reserve account to entities across Asia.

The cyber-attackers were able to pilfer $80 million, but the damage could have reached up to $1 billion if it had not been for one US employee who spotted a spelling mistake made in one of the rapid-fire transaction requests and thereby issued an alert blocking all other transfers.

Recently, Reuters reported that the company admitted in a private letter sent from SWIFT to clients that fresh cyberattacks have surfaced against the system since June, some of which were successful.

In the letter, SWIFT said that customer weaknesses in local security permitted fraudulent transactions to go through and compromise local networks.

ZDNet

« An Historic AI Partnership
Twitter On The Block: Offers Over $13B »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Phoenix Contact Cyber Security

Phoenix Contact Cyber Security

Phoenix Contact Cyber Security is a leading manufacturer of network security appliances for use in industrial environments.

InteliSecure

InteliSecure

InteliSecure offer Professional Services, Security Assessments and Managed Services for data and threat protection.

ProPay

ProPay

ProPay provides secure payment solutions for organizations ranging from small businesses to large enterprises requiring complex payment solutions.

Network Integrity Systems

Network Integrity Systems

Network Integrity Systems is a leader in network infrastructure security and offers solutions specifically developed for Government and Private Enterprise.

BHC Laboratory

BHC Laboratory

BHC Laboratory is a cyber capabilities’ development company for a wide range of global customers.

Rigado

Rigado

Rigado's mission is to enable commercial IoT success by providing high-performance secure and scalable wireless edge connectivity and network infrastructure.

RackTop Systems

RackTop Systems

RackTop Systems is the pioneer of CyberConverged data security, a new market that fuses data storage with advanced security and compliance into a single platform.

Canopius Group

Canopius Group

Canopius is a global specialty lines insurance and reinsurance company and one of the top 10 insurers in the Lloyd’s insurance market.

Aware

Aware

Aware is the only comprehensive AI solution for governance, risk, compliance and insights for leading collaboration platforms.

Acmetek Global Solutions

Acmetek Global Solutions

Acmetek is a Global Distributor and a Trusted Advisor of PKI /IOT & SSL Security Products and a Managed Services Company.

Xiarch Solutions

Xiarch Solutions

Xiarch Security is an global security firm that educates clients, identifies security risks, informs intelligent business decisions, and enables you to reduce your attack surface.

ShellBoxes

ShellBoxes

ShellBoxes are a leading Web3 company focused on providing top-notch blockchain security and development services.

Nexer

Nexer

Nexer is a modern tech company with expertise in strategy, technology and communication with a strong vision.

QFunction

QFunction

QFunction works within your existing security stack to detect anomalies and threats within your data.

Cyber Unicorns

Cyber Unicorns

Cyber Unicorns is a cyber security consultancy created to help drive cyber security outcomes in the small to medium-sized business space.

IndoSec

IndoSec

IndoSec is an annual cybersecurity summit that powers an in-person gathering of cybersecurity leaders from Indonesia’s major corporations, leading businesses and key government entities.