Bad news broke on Monday morning (April 25) for global payments messaging platform SWIFT as BAE Systems released analysis concluding that cyberthieves hacked into SWIFT’s software, causing the $81 million bank heist from the Bangladesh central bank.
SWIFT has since confirmed that its software, which was used to send fraudulent messages, was the target of “a number of recent cyber incidents,” Reuters reported.
“SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions’ back-offices, PCs or workstations connected to their local interface to the SWIFT network,” a notice from the group said, according to Reuters.
Yesterday, the company released a software update to safeguard against the malware and has also issued a special warning to financial institutions regarding cybersecurity.
A blog post on BAE Systems’ site outlined how attackers hacked into SWIFT’s Alliance Access software, which supported the Bangladesh Bank’s payment system infrastructure.
The high-profile attack occurred in February, with hackers attempting to steal $951 million; they made off with $81 million, which, as of Monday, remained unaccounted for, according to BAE.
The company said attackers used a set of “highly configurable” tools, including malware, to create fake payment instructions and initiate a transfer.
Details of the alleged cyberattack are complex but include the attackers hacking into the bank’s printing systems to prevent the fraudulent transaction documents from getting printed out at the bank and potentially getting recognized by employees.
“This malware was written bespoke for attacking a specific victim infrastructure, but the general tools, techniques and procedures used in the attack may allow the gang to strike again,” BAE concluded in its post. “All financial institutions who run SWIFT Alliance Access and similar systems should be seriously reviewing their security now to make sure they too are not exposed.”
SWIFT assured that “the malware has no impact on SWIFT’s network or core messaging services,” according to the firm’s spokesperson, Natasha Deteran, who added that “the key defense against such attack scenarios is that users implement appropriate security measures in their local environments to safeguard their systems.”