Threat Management, Incident Response, TDR, Vulnerability Management

After trio of hacks, SWIFT addresses information sharing concerns

On the heels of published reports of a cyberattack last year in which hackers stole $9 million from an Ecuadorean bank, the Society for Worldwide Interbank Financial Telecommunication (SWIFT) has issued a statement to its customers stating that the financial messaging system is taking steps to create more information sharing practices among its customers.

The Ecuadorean bank, Banco del Austro, sued Wells Fargo & Co. in a New York federal court, stating that the financial institution did not notice suspicious “red flags'' involving the fraudulent transfer of $12 million to other banks in January 2015, according to a Wall Street Journal report.

Details of that lawsuit link the cyberheist to later attacks in which hackers stole $81 million from Bangladesh's central bank, and attempted to transfer $1.1 million from a commercial bank in Vietnam. All three attacks appear to have used the SWIFT system, raising questions about the lack of information sharing among international financial institutions.

SWIFT has repeatedly stated that it is not responsible for the attacks, although hackers have used malware to steal credentials of SWIFT customers. “SWIFT will continue to notify you as soon as possible of any cases of malware known to us so that you can better target your preventative and detective efforts in your local environment,” SWIFT said in a statement Friday. The financial messaging platform said it is “receiving feedback from the relevant board committee and overseers in the coming days and will be sharing plans with the wider community.”

RSA director of marketing and technology solutions Rob Sadowski noted the challenges that arise in attempting to implement information sharing practices. “In this case, organizations using SWIFT should now be aware of a dedicated, sophisticated actor group targeting vulnerabilities in this system and should be diligent about operationaliing any new intelligence about these actors,” he said.

Information sharing “is an urgent imperative,” A.N. Ananth, CEO and co-founder of EventTracker, said in an email to SCMagazine.com. “When attacks occur, early warning and expert advice can mean the difference between business continuity and widespread business catastrophe,” he added.

And Roman Foeckl, CEO and founder of Data Loss Prevention firm, CoSoSys, noted that each attack makes protection progressively more difficult. The three attacks “also threatens an additional 11,000 financial institutions,” he said in an email to SCMagazine.com.

Following the attacks, SWIFT urged its 11,000 customers to make information sharing a core priority. “The security of our global financial community can only be ensured through a collaborative approach among SWIFT, its users, its central bank overseers and third party suppliers,” the service said in a statement Friday. “To this end, it is essential that you share critical security information related to SWIFT with us.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.