Swift Admits More Banks Have Been Hit by Cyber Attacks – Report
Under fire global bank transfer operator Swift has revealed more cyber-attacks on its members have taken place recently, some of them successful.
The Brussels-based group sent a letter to its members designed to pressure them in to complying with new security rules drawn up following the $81 million heist from Bangladesh Bank.
"Customers’ environments have been compromised, and subsequent attempts [were] made to send fraudulent payment instructions," it read, according to Reuters. "The threat is persistent, adaptive and sophisticated – and it is here to stay."
The member-owned group apparently didn’t explain how many lenders were hit, but did say that they were of varying sizes and located in different regions.
It’s also believed the attackers used different methods to compromise weak security in local networks in order to issue phony bank transfer requests.
The same strategy was used to steal from the central bank of Bangladesh, where hackers are thought to have taken advantage of several security oversights – such as the lack of a firewall and the use of second-hand $10 switches.
Swift is said to have warned member banks that if they don’t install the latest version of its software by the November deadline, it may inform regulators.
This update includes improved access controls and better tools for spotting cyber intrusions, the report claimed.
Swift has been on the back foot ever since news broke of the $81m cyber theft earlier this year, suffering criticism that it hasn’t done enough to help its smaller member banks withstand sophisticated online attacks.
As a result, it launched its five-stream Customer Security Programme back in June which includes commitments on improved information sharing, the development of audit frameworks to securely manage Swift messages, and more.
But last month Swift suffered another blow when former directors and an ex-CEO claimed the organization took its eye off the ball on security for years, with some even arguing board members weren’t up to the job.
Source: Information Security Magazine