SWIFT banking network warns customers of cyberfraud cases
The warning from SWIFT (Society for Worldwide Interbank Financial Telecommunication) suggests that a February attack on the Bangladesh Bank, in which thieves got away with US $81 million, was not an isolated incident.
SWIFT is aware of malware that "aims to reduce financial institutions’ abilities" to find evidence of fraudulent transactions on their local systems, the organization said Tuesday. The malware has "no impact on SWIFT’s network or core messaging services," it added.
SWIFT has informed customers that "there are other instances in which customers’ internal vulnerabilities have been exploited," the organization added. SWIFT is calling on customers to take steps to secure their systems and has issued a mandatory software update.
Attackers in these incidents have compromised bank systems and obtained valid credentials for creating and submitting messages on the network, SWIFT said. "The malware is designed to hide the traces of fraudulent payments from customers’ local database applications and can only be installed on users’ local systems by attackers that have successfully identified and exploited weaknesses in their local security," the organization said.
The hackers, who attacked the Bangladesh Bank, appeared to use custom malware designed to interfere with SWIFT's transaction software, researchers said this week.
SWIFT is now aware of "a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions' back-offices, PCs or workstations" connected to the SWIFT network, said a confidential notice seen by Reuters, according to a news story posted Tuesday.
SWIFT did not name any victims or disclose the amount of losses related to the recent cyberattacks.
The organization has issued a security update on Monday aimed at the malware that researchers identified as used in the Bangladesh attack. The likely Bangladesh malware, identified by researchers from BAE Systems, appears to be a custom attack toolkit, they said. The malware was designed to monitor, delete and alter transaction records in the database used by the SWIFT client software.