SWIFT Confirms Banks Still Being Targeted, Announces Mitigation Tool
SWIFT’s chief information security officer said Wednesday that the cooperative is still seeing cases where its customers’ environments have been compromised.
“The threat is persistent, adaptive and sophisticated – and it is here to stay,” Alain Desausoi, the cooperative’s CISO said, adding fraudulent attempts continue to be made through its network to trick banks to send payments.
Desausoi was speaking at the Financial Times Cyber Security Summit Europe in London. In a conversation with Kara Scannell, the publication’s investigations correspondent, the CISO touched on the security of SWIFT’s customers and described a new tool the cooperative announced Tuesday aimed at strengthening its customers existing fraud controls and designed to mitigate future cyber threats.
The tool, called Daily Validation Reports, will give banks and other clients the ability to review a daily summary of their messages. According to a press release issued by the Brussels-based cooperative, the tool is slated for release in December and will help customers verify message activity and tip them off to any unusual patterns.
The cooperative is insisting that the tool will remain separate from customers’ current payment system. Because of the way the tool is set up, firms will be able to access information via an independent channel, even if their systems have been compromised or their records have been obfuscated, SWIFT said.
According to Steven Gilderdale, the head of SWIFT’s Customer Security Program, institutions, especially smaller ones are dependent on its systems – but when those systems become compromised, it can be difficult to access them. Often times information can be altered, too.
“Daily Validation Reports will provide a reliable and independent source of information, providing such institutions with an activity lens to help them quickly detect fraud – whether perpetrated by external attackers or by malicious insiders,” Gilderdale said Tuesday.
The announcement comes in the wake of several high profile hacks this year that in some instances saw attackers use malware to issue unauthorized SWIFT messages and conceal that the messages had been sent.
The Society for Worldwide Interbank Financial Telecommunication, or SWIFT, first made the biggest headlines in February when thieves stole credentials and targeted a system belonging to Bangladesh Bank to steal $81 million. Thieves had planned to make off with $951 million but were foiled when the transfers were denied. In addition to the Bangladesh incident, attackers also managed to infiltrate banks in Vietnam and Ecuador this year through stolen SWIFT credentials.
More than 11,000 financial institutions in more than 200 countries use the messaging service to securely send and receive information like money transfer instructions and payment orders, via SWIFT codes.
That there have been further attacks against banks that use the network has been rumored for some time.
Earlier this month Reuters obtained a private letter allegedly sent by SWIFT to its clients warning of additional attacks and encouraging banks to fortify their systems. The letter used the exact same phrasing that Desausoi used on Wednesday and warned clients that the threat is “persistent, adaptive and sophisticated” and “here to stay.”
During the panel, Desausoi clarified that there’s still no indication that SWIFT has been compromised in any of the ongoing breaches. He said that measures like Daily Validation Reports and the consortium’s Customer Security Program, which it launched in July, after conferring with BAE Systems and Fox-IT, have helped thwart attacks.
In the end, Desausoi hinted, it will be the responsibility of the customer to adequately secure their environment, however.
“We are making tangible progress…” Desausoi said, “We will continue to support our community, but, as the threat persists, the role of our customers remains absolutely critical: any customer that fails to address the logical and physical security of its environment is at risk.”
via Threatpost | The first stop for security news http://threatpost.com
September 21, 2016 at 03:06PM