Bank of England in Swift Security Warning
The Bank of England has told UK banks they need to perform compliance checks to ensure they’re following cybersecurity best practice following the $81 million virtual robbery of the Bangladesh Bank in February.
Unnamed people “familiar with the effort” told Reuters that the order came in the second half of last month, although the central bank itself has refused to comment on the matter.
The checks are essentially designed to ensure banks follow the advice of inter-bank messaging system supplier Swift, which was at the center of the audacious cyber heist earlier in the year.
These apparently include user entitlement reviews to ensure only legitimate employees have access to the Swift network, which facilitates bank transfers and the like.
Also included on the checklist was an order to check the Indicators of Compromise that have been deduced from previous attacks by investigators at BAE Systems and elsewhere.
Also in there was a requirement to upgrade key Swift Alliance Access software by mid-May.
The news comes as yet another bank revealed it has been targeted by what appears to be the same group of hackers.
A week ago, Vietnamese lender Tien Phong Bank admitted it successfully identified and stopped an attempted theft of over $1 million via a third party provider which manages its connection to the Swift network.
At around the same time, Swift itself issued a lengthy notice urging banks to review their security controls.
This is despite claims from Bangladesh Bank staff that it was the messaging company itself – owned and run by a group of global financial institutions – that was to blame for the $81m robbery.
Technicians left several security holes when they were connecting the bank’s real-time gross settlement (RTGS) system to the Swift network, they claimed.
Swift has always maintained that in these incidents it is the banks themselves that are to blame.
Many security experts believe the black hats involved in this case have detailed knowledge of the inner workings of the system.
Source: Information Security Magazine