Hackers could cripple major world banks using our network, says Swift CEO


Three banks have lost millions of dollars to hackers using the Swift network

Swift's CEO has warned that hackers could use its financial transfer system to bring international banks to their knees.

The warning comes after a bank in Ecuador became the third financial institution to be attacked by hackers using the Swift network, which facilitates currency trading between more than 11,000 banks in 200 countries, losing $12 million.

Previous cyber attacks took money from banks in Vietnam and Bangladesh, and Gottfried Leibbrandt, CEO of Swift, warned these attacks appear to be part of a coordinated campaign. "The Bangladesh fraud is not an isolated incident," he said.

"We are aware of at least two, but possibly more, other cases where fraudsters used the same modus operandi, albeit without the spectacular amounts."

In all three cases, the hackers got round the bank's security by using malware, then used the Swift network to conduct fraudulent cash transfers.

However, while the amounts stolen were relatively small, the attackers could potentially destroy an entire bank.

"In the recent cases, thieves were able to move just some of those banks' overseas assets," Leibbrandt said. "As a result, for the banks concerned, the events haven't been existential. The point is that they could have been."

Swift is reportedly beefing up security in order to protect its corporate clients, including security audits and stricter requirements for banks' endpoint security.

"The financial industry, as a community, has to be clear that cyber risk is big," Leibbrandt said. "There will be more cyber attacks. And inevitably some will be successful."

Investigations into all three cyber heists are ongoing, but no suspects have yet been formally identified.

18/05/2016: US banks question security of Swift financial network

The security of the Swift global banking platform has been called into question by major US banks today, following cyberattacks on banks in Bangladesh and Vietnam.

It was recently disclosed that the service, which is used to transfer large sums of money between international banks, was used to attack the Tien Phong Bank in Vietnam, as well as the Bangladesh central bank.

In February, thieves stole £75 million from the Bangladesh central bank's account at the New York Federal Reserve. A similar attack, to the value of around £775,000, was attempted on Tien Phong Bank, although the bogus transaction was halted.

Several US financiers have responded by examining Swift's security. In particular, JPMorgan Chase has placed restrictions on which employees can access the service, according to the Wall Street Journal.

The limitations are standard practice following a security breach in the banking sector, but concerns have been raised that the thefts could be linked to malicious insiders within the industry.

Other US banks are calling for the service to boost security in the wake of the incidents, reports Bloomberg, with questions over whether or not Swift was fast enough in its response.

According to a private report from BAE Systems, the malware used in the Tien Phong Bank attack included Swift codes for at least seven other international financial institutions in countries such as South Korea, China and Japan.

The revelations are particularly troubling, as the range of affected institutions implies that Swift itself could be vulnerable, rather than - as its regulators had previously suggested - the banks themselves

13/05/2016: Swift banking network hit by second cyberattack

Global financial network Swift has been hit by a second cyber attack, the company has admitted.

The service, which is used for massive financial transactions between banks and bankers, revealed on Thursday it was targeted by hackers for the second time this year.

The system was also infiltrated in February, and used to steal £75 million from the New York Federal Reserve account of Bangladesh's central bank.

The latest target, a Swift spokeswoman said, was an unnamed commercial bank. The spokeswoman did not reveal if any money was stolen.

It is currently unknown whether or not the two attacks are related, but Swift believes that both incidents are "part of a wider and highly adaptive campaign targeting banks".

The attackers reportedly had a "deep and sophisticated knowledge of specific operational controls" and used stolen credentials to access the system.

The company warned that they may have also utilised "malicious insiders or cyber attacks, or a combination of both", and in the second instance used malware to alter documents and cover their tracks.

"The second cyber attack revealed by Swift in as many months is a wake-up call for banks across the globe," said Splunk security expert Matthias Maier. "These are not isolated incidents. Serious investigations must follow given the custom built nature of the malware used in these attacks."

"It appears to have been created by someone with an intimate knowledge of how the Swift software works as well as its business processes," he noted, "which is cause for concern."

"Other banks participating in the Swift network now need to compare the indicators of compromise shared by BAE Systems with the data generated by their own environment to understand whether or not they have also been affected and how to respond effectively."