SWIFT demands action from members as threat of cyberheists looms large
SWIFT demands action from members as threat of cyberheists looms large

Under siege from hackers looking to steal hundreds of millions from its user base, the financial messaging services provider known as SWIFT has been pressuring, cajoling and even threatening its member banks to deploy better defenses and share cyber intelligence.

With a corporate customer base that includes banks in developing countries with inferior cyber defense practices, the Belgium-based cooperative knows it can't afford to be passive. Like a protective mother, SWIFT intends to make sure that its users take their medicine – because it knows what's best for them.

SWIFT Rallies its Customer Base

Known in full as the Society for Worldwide Interbank Financial Telecommunication, SWIFT adopted its newly aggressive cybersecurity posture shortly after an infamous February 2016 cyberheist in which hackers brazenly scored $81 million by impersonating Bangladesh's central bank on the financial messaging system and then fraudulently requesting money transfers from the U.S. Federal Reserve to accounts in the Philippines and Sri Lanka.

In the months that followed, a series of similar attacks came to light, as cybercrooks prominently targeted additional banks in locations ranging from Ecuador to Vietnam. Although the SWIFT system itself was not hacked in these cases, there was a common thread: attackers abused the service provider's operations by compromising its member banks and stealing their SWIFT credentials.

This prompted SWIFT in May 2016 to launch a Customer Security Program (CSP) designed to get members to comply with recommended cybersecurity guidelines, practice two-factor authentication, and adopt updated SWIFT software featuring integrity verification and alert capabilities. The program also led to the formation of a Customer Security Intelligence team that encourages member banks to share information on threats and possible network intrusions.

SWIFT officials, for their part, appear to be cautiously optimistic that their efforts have staved off additional thefts.

“The proactive intelligence-gathering and forensic work being undertaken by our Customer Security Intelligence team, as well as customers' active use of our Indicators of Compromise (IOCs) and their deployment of our latest software updates… [and] the heightened customer vigilance and improved information flow between customers and SWIFT have all contributed to frustrating recent attack efforts,” said Stephen Gilderdale, managing director at SWIFT, and head of its Customer Security Program.

“Fortunately, a good number of recent attacks have been ultimately thwarted,” Gilderdale continued in an interview with SC Media. “In a few instances the correspondents have observed and stopped suspicious messages; in others, the attacks have been identified and the frauds ultimately prevented as a direct result of measures introduced through the CSP.”

In July 2016, SWIFT hired the UK-based defense and security company BAE Systems and the Netherlands-based cybersecurity services provider Fox-IT to support its Customer Security Intelligence Team initiative.

“As a result of this [Customer Security] Program, and potentially also in part because of the noise around… financial sector cyber risks, we have seen an uptick in the cyber defense measures being taken by the financial industry,” said Christof Geirnaert, cybersecurity specialist at Fox-IT, in an interview with SC Media. “We note that they are especially focused on determining whether they are really in control rather than just simply compliant.”

If true, then this is no small breakthrough, especially when considering the cumulative effect each successive cyberheist attempt has had on SWIFT and its customers.

“I believe that there has been an impact [on] confidence in SWIFT and their inability to take prompt and effective action to cyber-attacks,” said Patricia Hines, a corporate banking senior analyst at Celent, a research and consulting firm specializing in IT in the global financial services industry.

Moreover, “It seems likely that the original malware has been shared among other malicious actors, and without a significant change to the underlying SWIFT programming code base, that malware will continue to be effective,” Hines continued, in an interview with SC Media.