In the last months, a worrisome string of attacks against banks worldwide through the SWIFT system has alarmed the banking industry. The so-called “SWIFT hackers” have conducted multiple cyber attacks against financial institutions. We reported the successful cyber heists on the Bangladesh bank, against a Ukrainian bank, and the Ecuadorian bank, meanwhile, a Vietnam bank reported to have blocked an ongoing cyber heist.
In May, a fourth Bank in the Philippines was a victim of the SWIFT hackers and the experts at Symantec confirmed the malware used by the crooks shares code with tools used by the notorious Lazarus group linked to the North Korean Government.
According to the Reuters agency, the SWIFT issued a new warning urging member banks to implement the new SWIFT software by 19 November.
The latest version of SWIFT’s software implements new security features specifically designed to defeat such kind of attacks.The authentication processes have been improved such as the implementation of mechanisms to early detect fraudulent activities.
“Customers’ environments have been compromised, and subsequent attempts (were) made to send fraudulent payment instructions. The threat is persistent, adaptive and sophisticated – and it is here to stay.” states the SWIFT.
The organization hasn’t provided further details on the alleged additional cyber attacks against banks worldwide.
“All the victims shared one thing in common,” says Reuters: “Weaknesses in local security that attackers exploited to compromise local networks and send fraudulent messages requesting money transfers.”
SWIFT told banks that it might report the incident to regulators and banking partners if they failed to adopt the new SWFT software.
Despite the efforts of the SWIFT, many experts speculate that the new security features are not enough to consider completely secure the banking systems.
Of course, the cyber attacks have prompted regulators globally to press financial institution to bolster their security defenses.
(Security Affairs – Cyber heists, banking)