Team says it has already sniffed
BAE Systems has been recruited to help
SWIFT’s newly formed Customer Service
Intelligence team in a bid to get ahead of
cyber-criminals targeting banks
connected to the global financial
messaging service.
The announcement follows the analysis
and identification of malware that BAE
Systems’ threat intelligence team was
able to link to an attack on Bangladesh
Bank in February 2016. Hackers stole $
81m from an account held in New York
by Bangladesh’s central bank after lifting
the financial institutions authorisation
codes. Malware analysis by both BAE
Systems and Symantec linked the crooks
behind the Bangladesh account raid to the
hackers who ransacked Sony Pictures
Entertainment’s systems back in 2014.
The same hacker group is also suspected
in the theft of $12m from an Ecuadoran
bank, Banco del Austro SA and $10m
from a Ukrainian bank as well as a string
of thwarted assaults worldwide against
Tien Phong Bank in Vietnam, an unnamed
bank in the Philipines and others.
These cyber-heists relied on hackers using
malware to infect bank terminals and
obtain login credentials for the SWIFT
messaging system, allowing crooks to
send fraudulent transfer orders. SWIFT’s
network and infrastructure were not
In response to the heightened security
risk, SWIFT said it will “expand” its use of
two-factor authentication as well as
mandating “baseline” security standards
as well as improving information sharing.
The newly formed Customer Security
Intelligence team will “complement
SWIFT’s in-house cyber security experts,
and support SWIFT’s customer
information sharing initiative to
strengthen cyber security across the
global community.” Cyber forensics
experts at Fox-IT as well as threat intel
experts BAE Systems have been sworn in
as deputies to the programme.
The initiative will assist SWIFT’s
community by undertaking forensic
investigations on customer
compromises related to SWIFT
products and services,
complementing the affected
customers’ own investigations. It
will also provide related
intelligence back to the wider
SWIFT community in anonymised
form to help prevent frauds in
customers’ environments.
SWIFT (Society for Worldwide Interbank
Financial Telecom) recently announced it
would consider suspending banks with
weaker cyber defences until they improve
their security.
SWIFT CTO, Craig Young, explained:
“Customer intelligence, including
intelligence related to attacks that have
ultimately failed, is crucial to helping us
continue protecting our community.
Information we have already received
from impacted banks has allowed us to
identify new malware and to publish
related indicators of compromise (IoCs)
which are helping to protect the wider
community. An important dependency of
this initiative is SWIFT’s timely receipt of
information from affected customers. We
therefore continue to remind customers
that they are obliged to inform SWIFT of
such incidents as soon as possible, and
to proactively share all relevant
information with us so we can assist all
SWIFT users.” ®