Security & Fraud

SWIFT Warns Banks That Hackers Are Raising The Level Of Their Game

SWFIT

SWIFT is warning banks that cybercriminals are getting more sophisticated and that the risk of digital heist is on the upswing.  The Brussels-based inter-bank messaging system has been actively encouraging banks to increase their security and stave off risks of hacks like the one that left the Central Bank of Bangladesh short $81 million in February 2016.

“Adversaries have advanced their knowledge,” SWIFT said in a 16-page report co-written with BAE Systems Plc’s (BAES.L) cyber security division. “No system can be assumed to be totally infallible, or immune to attack.”

SWIFT, in its warnings, demurred on giving more specific information such as the number of attacks, who the victims have been or, say, how much money has been stolen. But even minus official disclosure, the details on many hacks and attempted hacks have made their way to public consciousness.  Far Eastern International bank, for example, has reportedly lost $500,000 in a cyber heist that they say was lead by a  North Korean hacking group known as Lazarus. Lazarus is suspected to be the same hacking group behind the Bangladesh heist last year.

Nepal’s NIC Asia Bank lost $580,000 in a cyber heist earlier this month, according to the anonymous sources speaking to Reuters. 

The SWIFT report also documents an attack on an unnamed bank that saw hackers essentially camping out within a customer network and using that access point to gather intel that might be useful for a future attack on the whole operational system. The hackers went on to make a dead-of-night attack on the system that left additional malware implanted so that they could easily bypass protocols within the messaging software that require a user confirm their identity.

The hackers, new access in hand, used it to send funds all over the globe by copying pre-formatted payment requests into the messaging software.

And when they were done, the cybercriminals even deleted records of their activity and set up a distraction: ransomwear that locked dozens of computers’ worth of documents behind an encryption key.

SWIFT did not note how much money was stolen, but did note that the fraud was noticed before it was completed and the purloined funds were frozen.

——————————

PYMNTS LIVE ROUNDTABLE: TUESDAY, JULY 14, 2020 AT 12:00 PM (ET)

Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.

TRENDING RIGHT NOW