SWIFT Says Bank Cyber Attacks Are Here to Stay

SWIFT has admitted that cyberattacks leveraging the banking messaging system and poor local security have grown worldwide and asked for vigilance against threats which are "here to stay."

Recently, Alain Desausoi, SWIFT's chief information security officer (CISO) said at the Financial Times Cyber Security Summit Europe in London that cyberattacks launched against customers by fraudulently acting as the cooperative's network are being monitored by the group, which has come to the conclusion that such attacks are "persistent, adaptive and sophisticated."

"We continue to see cases in which our customers' environments have been compromised and subsequent attempts made to send fraudulent payment instructions," Desausoi told attendees.

As reported by Threat Post, the executive then explained how SWIFT, used by banks worldwide to verify transfers between banks and other financial services, is introducing new measures through the Customer Security Programme (CSP) to mitigate the damage such fraud can cost.

One new measure, dubbed Daily Validation Reports, has been established to forge a "long-term response" to cyber-fraud, Desausoi said. The tool gives banks and other customers the option to review daily messages and a summary of message flows in order to detect suspicious activity.

The feature, due to be introduced in December, will also give clients access to risk reports for the identification of unusual senders, destinations and patterns.

"Measures like our recently announced Daily Validation Reports, which help our customers preserve the integrity of their environments, show that the programme is making progress," Desausoi said. "We will continue to support our community, but, as the threat persists, the role of our customers remains absolutely critical: any customer that fails to address the logical and physical security of its environment is at risk."

The Society for Worldwide Interbank Financial Telecommunication, otherwise known as SWIFT, hit the headlines in February after lax security at the Bangladeshi Bank allowed fraudsters to steal the bank's SWIFT code to make a series of fraudulent payment transfer requests.

Once armed with the code and after spying on bank employees to learn their practices for roughly a month, the cyber-attackers made a series of rapid transaction requests for cash to be sent from the country's New York-based Federal Reserve account to entities across Asia.

The cyber-attackers were able to pilfer $80 million, but the damage could have reached up to $1 billion if it had not been for one US employee who spotted a spelling mistake made in one of the rapid-fire transaction requests and thereby issued an alert blocking all other transfers.

Recently, Reuters reported that the company admitted in a private letter sent from SWIFT to clients that fresh cyberattacks have surfaced against the system since June, some of which were successful.

In the letter, SWIFT said that customer weaknesses in local security permitted fraudulent transactions to go through and compromise local networks.

ZDNet

« An Historic AI Partnership
Twitter On The Block: Offers Over $13B »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Avast Software

Avast Software

Avast Software is a security software company that develops antivirus software and internet security services.

Siscon

Siscon

Siscon delivers tailor-made compliance solutions that are based on the customer's specific wishes and reality and then supplement with many years of experience in the field.

Verlingue

Verlingue

Verlingue (formerly ICB Group) is a leading corporate insurance broker providing Insurance, Risk Management and related advice to businesses and private clients.

Global Cyber Alliance (GCA)

Global Cyber Alliance (GCA)

Global Cyber Alliance is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world.

Squalio

Squalio

Squalio is an information technology group that delivers solutions and services for secure and effective IT management.

CryptoCurrency Certification Consortium (C4)

CryptoCurrency Certification Consortium (C4)

The CryptoCurrency Certification Consortium is a non-profit organization that provides certifications to professionals who perform cryptocurrency-related services.

M12

M12

M12 (formerly Microsoft Ventures) is the corporate venture capital subsidiary of Microsoft.

Cobalt Iron

Cobalt Iron

Cobalt Iron is a global leader in SaaS-based enterprise backup and data protection technology.

ACET Solutions

ACET Solutions

ACET Solutions delivers a wide range of Automation, Cyber Security and Enterprise IT/OT Integration Solutions to industrial clients.

Accolite Digital

Accolite Digital

Accolite is an innovative, design thinking software company that guarantees seamless digital experiences with maximum results.

Cyrebro

Cyrebro

CYREBRO is your online cybersecurity central command managed SOC that integrates all your security events with strategic monitoring, proactive threat intelligence, and rapid incident response.

Sec-Ops

Sec-Ops

Sec-Ops is a forward thinking cyber security company, formed by a group of security enthusiasts with years of experience and backgrounds in the technology and the government industries.

Quzara

Quzara

Quzara provides trusted advisory services and highly adaptive cybersecurity services to federal, commercial and Defense Industrial Base customers to meet their security compliance and cyber needs.

Rezonate

Rezonate

Rezonate discovers, profiles, and protects Identities and their entire access journey to cloud infrastructure and critical SaaS applications. Preventing and stopping cyberattacks.

Converged Communication Solutions

Converged Communication Solutions

Converged is an independent Internet Service Provider, telephony, IT support and security specialist.

Orchid Security

Orchid Security

Orchid Security provides unprecedented insight and action to your identity security with the help of advanced technologies like Large Language Models (LLM).