SWIFT Says Bank Cyber Attacks Are Here to Stay

SWIFT has admitted that cyberattacks leveraging the banking messaging system and poor local security have grown worldwide and asked for vigilance against threats which are "here to stay."

Recently, Alain Desausoi, SWIFT's chief information security officer (CISO) said at the Financial Times Cyber Security Summit Europe in London that cyberattacks launched against customers by fraudulently acting as the cooperative's network are being monitored by the group, which has come to the conclusion that such attacks are "persistent, adaptive and sophisticated."

"We continue to see cases in which our customers' environments have been compromised and subsequent attempts made to send fraudulent payment instructions," Desausoi told attendees.

As reported by Threat Post, the executive then explained how SWIFT, used by banks worldwide to verify transfers between banks and other financial services, is introducing new measures through the Customer Security Programme (CSP) to mitigate the damage such fraud can cost.

One new measure, dubbed Daily Validation Reports, has been established to forge a "long-term response" to cyber-fraud, Desausoi said. The tool gives banks and other customers the option to review daily messages and a summary of message flows in order to detect suspicious activity.

The feature, due to be introduced in December, will also give clients access to risk reports for the identification of unusual senders, destinations and patterns.

"Measures like our recently announced Daily Validation Reports, which help our customers preserve the integrity of their environments, show that the programme is making progress," Desausoi said. "We will continue to support our community, but, as the threat persists, the role of our customers remains absolutely critical: any customer that fails to address the logical and physical security of its environment is at risk."

The Society for Worldwide Interbank Financial Telecommunication, otherwise known as SWIFT, hit the headlines in February after lax security at the Bangladeshi Bank allowed fraudsters to steal the bank's SWIFT code to make a series of fraudulent payment transfer requests.

Once armed with the code and after spying on bank employees to learn their practices for roughly a month, the cyber-attackers made a series of rapid transaction requests for cash to be sent from the country's New York-based Federal Reserve account to entities across Asia.

The cyber-attackers were able to pilfer $80 million, but the damage could have reached up to $1 billion if it had not been for one US employee who spotted a spelling mistake made in one of the rapid-fire transaction requests and thereby issued an alert blocking all other transfers.

Recently, Reuters reported that the company admitted in a private letter sent from SWIFT to clients that fresh cyberattacks have surfaced against the system since June, some of which were successful.

In the letter, SWIFT said that customer weaknesses in local security permitted fraudulent transactions to go through and compromise local networks.

ZDNet

« An Historic AI Partnership
Twitter On The Block: Offers Over $13B »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

World Wide Technology (WWT)

World Wide Technology (WWT)

WWT is a technology solution provider in the areas of big data, collaboration, computing and cloud, mobility, networking, security and storage.

Electric Imp

Electric Imp

Electric Imp offers an innovative and powerful Internet of Things platform that securely connects devices with advanced cloud computing resources.

Hitachi Systems Security

Hitachi Systems Security

Hitachi Systems Security provides customized services for monitoring and protecting the most critical and sensitive IT assets in our clients’ infrastructures 24/7.

KayHut

KayHut

KayHut is a young, innovative company engaged in cyber research and security solutions.

CLDigital

CLDigital

CLDigital's no-code risk and resilience platform, CL360, provides leaders with risk and resilience data to make strategic and tactical continuity decisions.

Fingent

Fingent

Fingent develops strategic software solutions for businesses across the globe in areas including Network Security, Infrastructure Security, Application Security, Risk and Compliance.

Elpha Secure

Elpha Secure

Elpha Secure provides a comprehensive cybersecurity solution, combining technology and insurance to protect against cyber threats.

Key Cyber Solutions

Key Cyber Solutions

Key Cyber is an IT consulting firm that specializes in agile software development services, program management and infrastructure services, cyber security and cloud and managed services.

InsightCyber

InsightCyber

InsightCyber is on a mission to keep the world’s critical infrastructure, supply chains, and manufacturing operations cyber-safe, helping to prevent attacks that can have catastrophic impacts.

Polymer Solutions

Polymer Solutions

Polymer is a Data Governance & Privacy Platform for third party SaaS apps. A modern Data Loss Protection (DLP) approach to remove sensitive data exposure on collaboration tools in real-time.

Alea Consulting

Alea Consulting

Alea Consulting is a global risk mitigation and investigative consulting firm, which helps organizations reduce reputation and operational concerns.

Catalogic Software

Catalogic Software

Catalogic helps clients backup, recover, manage, and protect their data across their enterprise and cloud environments with Smart Data Protection solutions.

Buguard

Buguard

Buguard is a multi-award-winning supplier of Application Security Assessments and GRC services.

Bridgenet Solutions

Bridgenet Solutions

Bridgenet specialises as a top-notch Information and Technology Solutions Provider for businesses.

InterSources

InterSources

InterSources is a trusted partner, leading the way in Cloud Security, Cybersecurity, PLG Consulting, Digital Transformation, and Professional Services.

Aikido Security

Aikido Security

Aikido is the no-nonsense security platform for developers. Secure your code, cloud, and runtime in one central system. Find and fix vulnerabilities automatically.