The global bank messaging system SWIFT disclosed an unknown number of new attacks that have hit clients, including some that led to bank thefts.
SWIFT sent a private letter to clients that stated there have been more attacks detected since June when SWIFT first detailed plans to improve security. The first known attack on the SWIFT messaging system was in February when attackers nearly stole $1 billion from the Bangladesh central bank; however, a crucial spelling error caused the hackers to only get away with $81 million.
SWIFT said in the letter that there have been more attacks detected since June, some of which were successful, but it did not detail how many attacks or how many bank thefts there have been. The banks were said to vary in size and location, and the attackers used multiple ways to access the SWIFT messaging system.
"Customers' environments have been compromised, and subsequent attempts (were) made to send fraudulent payment instructions," SWIFT wrote in the letter. "The threat is persistent, adaptive and sophisticated -- and it is here to stay."
The letter reportedly suggests the thieves have become more active in targeting banks since February. Avivah Litan, vice president and distinguished analyst at Gartner, told SearchSecurity she believes the increased activity is due to attackers becoming aware of the vulnerabilities in the banks.
Litan has been critical of SWIFT's response to the attacks, having said previously that SWIFT's plan to improve bank security was "short on substance," and she noted that these latest attacks should give SWIFT more impetus to make security improvements quickly.
J. Paul Haynes, CEO at cybersecurity company eSentire in Cambridge, Ontario, said the attacks highlight the need for improved detection and response to protect smaller banks.
"The SWIFT-related breaches disclosed in recent weeks aren't necessarily fresh; some breaches occurred months, some even years ago. SWIFT's response to these breaches is reactionary. Unfortunately for SWIFT, the number of breach incidents has drawn attention to a serious vulnerability between SWIFT clients and the SWIFT network," Haynes told SearchSecurity. "Many of the banks targeted through the latest rash of attacks operate in countries where regulatory controls aren't as stringent or are underdeveloped. Clearly attackers found a high level of success focusing on banks in regions known to have lighter defense controls."
Eldon Sprickerhoff, eSentire founder and chief security strategist, said fixing the issues in SWIFT will not be easy.
"It's important to realize that a huge problem with the previous SWIFT implementation was non-repudiation. Within the vulnerable protocol, there was no uniform way to consistently bolt-on a means to verify that the initiator of the transfer is truly that whom they say they are," Sprickerhoff said. "However, given the size of the network, and the fact that over 15 million messages are sent every day, it will not be a simple effort to migrate to a new protocol. As well, since SWIFT is a co-operative entity, it lacks regulatory authority over its members. In an effort to encourage members to upgrade to the newest version of SWIFT software, they're trying to use moral suasion coupled with the threat of going public to regulators and banking partners, those who choose not to upgrade by November 19th. Time will tell if this carrot-and-stick approach will work."