SWIFT warns of new attacks, pushes for security upgrades
After cybercriminals lifted $81 million from Bangladesh Bank, SWIFT tightened security but attackers managed to compromise systems at some member banks.
While six Democratic senators were beseeching President Obama in a letter to make cybercrime a priority at this weekend's Group of 20 Summit in China, SWIFT was sending a letter of its own to clients alerting them to additional attacks on member banks.
Earlier attacks against SWIFT banks were, in part, the impetus behind the senators' letter to Obama, as legislators and world leaders have grown increasingly concerned about the devastation hacks could wreak on the global financial systems.
“With so many attack vectors, it was just a matter of time before SWIFT became a focal point for cybercriminals with their financial understanding of the sector's common reactive-ness mentality, or in other words, ‘let us see what gets hacked, and then we will react tactically to address it,’” Shane Stevens, VASCO Data Security's director of omni-channel identity and trust solutions, said in comments emailed to SCMagazine.com. “SWIFT got a wake-up call finally for its decision to stay with passwords, albeit stronger ones, when there are far more effective means of authentication available and the 30-year-old technology of passwords has long been proven easy to defeat.”
The additional attacks, which SWIFT said indicated a threat that “is persistent, adaptive and sophisticated – and is here to stay,” included compromises of customers' environments “and subsequent attempts made to send fraudulent payment instructions,” according to Reuters, which obtained a copy of the SWIFT letter.
“This new wave of cyber attacks leveraging the SWIFT messaging system highlights the fact that banks are still behind the times. They've mastered physical security with big vaults and armed guards,” Yorgen Edholm, CEO of Accellion, said in emailed comments to SCMagazine.com. “However, Jesse James and Patty Hearst aren't the bank robbers society has to worry about any more. What's even more frustrating is the fact that hackers are employing the same methods time and time again – and are still successful. We need change now! Until SWIFT and their customers figure out together a way to prevent these hacks, they will continue and faith in the global banking system will continue to suffer.”
Dawid Kowalski, technical director - EMEA at FireMon, said in comments emailed to SCMagazine.com that earlier “events related to Bangladesh Bank exposed weak points of risk management” while the “latest revelations show that for at least one of the attacks on banks, there was lack of firewall management, not to mention any security posture assessments or event correlation.”
The first attacks, which resulted in the theft of $81 million from Bangladesh Bank in February, had prompted the global financial messaging system to tighten security and put in place additional security procedures.
In the letter to clients, SWIFT urged its members to implement its updated software by the November 19 deadline or risk being reported to regulators and other banks, the report said.
But following SWIFT's recommendations for upgrading security tools and procedures likely won't be enough, István Szabó, product manager at Balabit, said in comments emailed to SCMagazine.com. “It is important to highlight that these attacks are not primarily machine based and current security tools won't spot them, as the attackers have already gained foothold behind the defense perimeters,” he said. “As the account they've used for such actions might already possess the highest level of privileges, the bad actors can often do whatever they want and cover up their tracks with ease.”
Privileged users, he added, are targeted in these types of attacks. “Such sophisticated attacks require more sophisticated methods to discover and stop them,” he explained.