SWIFT Says Bank Cyber Attacks Are Here to Stay

SWIFT has admitted that cyberattacks leveraging the banking messaging system and poor local security have grown worldwide and asked for vigilance against threats which are "here to stay."

Recently, Alain Desausoi, SWIFT's chief information security officer (CISO) said at the Financial Times Cyber Security Summit Europe in London that cyberattacks launched against customers by fraudulently acting as the cooperative's network are being monitored by the group, which has come to the conclusion that such attacks are "persistent, adaptive and sophisticated."

"We continue to see cases in which our customers' environments have been compromised and subsequent attempts made to send fraudulent payment instructions," Desausoi told attendees.

As reported by Threat Post, the executive then explained how SWIFT, used by banks worldwide to verify transfers between banks and other financial services, is introducing new measures through the Customer Security Programme (CSP) to mitigate the damage such fraud can cost.

One new measure, dubbed Daily Validation Reports, has been established to forge a "long-term response" to cyber-fraud, Desausoi said. The tool gives banks and other customers the option to review daily messages and a summary of message flows in order to detect suspicious activity.

The feature, due to be introduced in December, will also give clients access to risk reports for the identification of unusual senders, destinations and patterns.

"Measures like our recently announced Daily Validation Reports, which help our customers preserve the integrity of their environments, show that the programme is making progress," Desausoi said. "We will continue to support our community, but, as the threat persists, the role of our customers remains absolutely critical: any customer that fails to address the logical and physical security of its environment is at risk."

The Society for Worldwide Interbank Financial Telecommunication, otherwise known as SWIFT, hit the headlines in February after lax security at the Bangladeshi Bank allowed fraudsters to steal the bank's SWIFT code to make a series of fraudulent payment transfer requests.

Once armed with the code and after spying on bank employees to learn their practices for roughly a month, the cyber-attackers made a series of rapid transaction requests for cash to be sent from the country's New York-based Federal Reserve account to entities across Asia.

The cyber-attackers were able to pilfer $80 million, but the damage could have reached up to $1 billion if it had not been for one US employee who spotted a spelling mistake made in one of the rapid-fire transaction requests and thereby issued an alert blocking all other transfers.

Recently, Reuters reported that the company admitted in a private letter sent from SWIFT to clients that fresh cyberattacks have surfaced against the system since June, some of which were successful.

In the letter, SWIFT said that customer weaknesses in local security permitted fraudulent transactions to go through and compromise local networks.

ZDNet

« An Historic AI Partnership
Twitter On The Block: Offers Over $13B »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Homeland Security Advanced Research Projects Agency (HSARPA)

Homeland Security Advanced Research Projects Agency (HSARPA)

HSARPA's Cyber Security Division (CSD) was set up to address DHS cyber operational and critical infrastructure protection requirements.

Hyve

Hyve

Hyve provide a wide range of managed web hosting services including private, hybrid and public VMware cloud hosting.

Hewlett Packard Enterprise (HPE)

Hewlett Packard Enterprise (HPE)

HPE is an information technology company focused on Enterprise networking, Services and Support.

Nimbusec

Nimbusec

Nimbusec scans your website around the clock and informs immediately if it has been hacked or manipulated

Certes Networks

Certes Networks

Certes Networks offers an encryption management solution that can be seamlessly integrated and is interoperable with any network.

Aeriandi

Aeriandi

Aeriandi is a leading provider of hosted PCI security compliance solutions for call centres, trusted by high street banks and major Telcos.

MonsterCloud

MonsterCloud

MonsterCloud is a leader in managed cyber security services. Our cyber security team constantly monitors and protects businesses from cyber threats.

Cyber Security Expo

Cyber Security Expo

Cyber Security EXPO is a unique one day recruitment event for the cyber security industry.

SureVine

SureVine

Surevine builds secure, scalable collaboration solutions for the most security conscious organisations, enabling collaboration on their most sensitive information.

Firedome

Firedome

Firedome's tailormade solution for IoT companies is designed to proactively prevent, detect, and respond to inevitable vulnerabilities in connected devices.

RiskRecon

RiskRecon

RiskRecon makes it easy to gain deep, risk contextualized insight into the cybersecurity risk performance of all of your third parties.

FCI

FCI

FCI is a NIST-Based Managed Security Service Provider (MSSP) offering Cybersecurity Compliance Enablement Technologies & Services to Financial Services organizations.

HEROIC Cybersecurity

HEROIC Cybersecurity

HEROIC’s enterprise cybersecurity services help improve overall organizational security with industry best practices and advanced technology solutions.

NetApp

NetApp

The NetApp portfolio includes intelligent cloud services, data services, and storage infrastructure that helps organizations manage applications and data everywhere across hybrid cloud environments.

Frontal

Frontal

Frontal is a specialized unit in Blockchain and Web3.0 cybersecurity. Securing Digital Assets, Cryptocurrency, DeFi, Blockchain and Web3.0 ecosystem.

iomart Group

iomart Group

iomart is a cloud computing and IT managed services business providing secure hybrid cloud, network connectivity, data management, and digital workplace capability.