SWIFT network is urging banks to share information on fraud attacks to prevent hacks in the future.
The request comes on the heels of the Bangladeshi bank heist in which fraudsters got away with $81 million by hoaxing the SWIFT messaging service. Further investigation of the matter led SWIFT to uncover yet another breach in which fraudsters targeted PDF reader systems to skim information using malware with a similar code base.
The Bangladeshi and Vietnamese attacks weren't the only two incidences that have raised red flags for the international financial messaging service. The latest to add to the list are Wells Fargo, Ecuador’s Banco del Austro (BDA) and Citibank, whose chief operation officer, Yawar Shah, is chairman of SWIFT's board. These organizations didn't inform SWIFT of an attack last year in which over $12 million was stolen from BDA, Reuters reported.
In a statement, SWIFT said that it's important that banks “immediately inform SWIFT of any suspected fraudulent use of their institution’s SWIFT connectivity or related to SWIFT products and services.”
While, in the Bangladeshi cyberheist, SWIFT cleared itself of any responsibility leading to the fraud attack, a SWIFT veteran has come forward and pointed out that SWIFT has long-known that its connections to users are its weakest link and that it needs to ramp up on improving security around it, The Wall Street Journal reported.
“It’s a huge wake-up call,” Leonard Schrank, SWIFT's CEO for 15 years until 2007, told WSJ. “They should play a higher role.”
And even though, after these fraud attacks, SWIFT and its clients, such as JPMorgan, seem to be more proactive with taking precautions, it is unlikely that such incidences would subside, FireEye noted in a report, which says that Bangladeshi hackers seem to be still active.
“We are seeing the same threat actors target some of our customers,” said Bryce Boland, CTO for FireEye's Asia-Pacific region. “I’m fairly confident other breaches are taking place.”