Multiple Banks Hit with SWIFT Attacks Like One That Hit Bangladesh Central Bank

Share Button

The financial world was shaken in the last few weeks. It came to light that hackers breached systems of Bangladesh Bank, and attempted to steal $951 million from its account at the Federal Reserve Bank of New York. While the majority of transfers were blocked, $81 million was successfully transferred to accounts in the Philippines, making it one of the largest cyber heists to date.

Investigators believe the attackers have targeted other financial institutions. Easy Solutions can confirm, from our discussions with major financial institutions throughout Latin America, that multiple banks have been hit with similar attacks, some successfully stealing upwards of $10 million per bank.

The SWIFT system is painfully outdated, and is providing cyber criminals with the keys to the kingdom once they are able to access site. Money can be quickly transferred out and placed in any country of the criminal’s choosing, to then be funneled around the world.

SWIFT is the standard for financial messaging services used by most financial institutions across the globe to quickly send and receive information, including money transfer instructions. While it uses a private network, SWIFT is still a messaging system and hence, it’s an avenue for cybercriminals to launch a wide range of electronic attacks.

The banks Easy Solutions are speaking with want to enhance the security of access to the SWIFT system. Because financial institutions use SWIFT mainly as a closed network, many of the traditional anti-fraud techniques used to protect web-based systems do not apply. So in this instance, deploying multi-factor authentication becomes even more critical, as the identity of the user is truly the only avenue into the network. By leveraging multi-factor authentication, be it biometric, push messages, token-based or some other format, banks can prevent criminals from accessing their SWIFT profile, even if they have the SWIFT codes and username and passwords.

New SWIFT Web access – Opening the Door for Criminals?

However, it’s important to note that SWIFT has recently launched SWIFT Web access, which may be the starting point for criminals to start phishing campaigns against bank’s employees to compromise SWIFT credentials.

SWIFT login

We expect to see additional banks come forward to admit that they have been victims of SWIFT attacks. Multi-factor authentication adoption should be an immediate priority for all banks who do not already have it protecting their SWIFT network access.

Related Posts

The Fraud Beat 2019: Time to Reevaluate It has never been clearer that organizations are aware of the risks of fraud: in 2019 100% of financial institutions surveyed in the Faces of Fraud Report reported increasing or maintaining their budgets for fraud prevention.
Meet Lucifer: A New International Trojan The cat-and-mouse game between cybercriminals and security analysts never stops. Every so often, the mouse (in this case, represented by some kind of malware) pulls out front at a pace that catches that cat (the security solution) off guard.

Leave a Reply

Your email address will not be published. Required fields are marked *