SWIFT has acknowledged that the threat of attack is "persistent, adaptive and sophisticated - and it is here to stay," but what's ailing the SWIFT network and what, if anything, can be done about it?

SWIFT was founded in 1973 to establish common standards for sending and receiving information about financial transactions and to replace the Telex technology being used at the time. The first message was sent over SWIFT's communications network in 1977, and its messaging services are now used by 11,000 financial institutions in more than 200 countries, exchanging millions of messages every week.

Although the SWIFT network doesn't actually handle the transfer of money - it only sends payment orders - the nature of these messages makes them of huge interest to hackers, cybercriminals and nation states. Even though SWIFT shares financial records with various government agencies for use in antiterror investigations, Edward Snowden revealed that the National Security Agency spied on SWIFT using a variety of methods, including reading SWIFT printer traffic from numerous banks.

Cybercriminals, meanwhile, have been abusing the SWIFT network to steal millions of dollars. Hackers have found that they can leverage vulnerabilities in SWIFT's member banks' processes and procedures, particularly those in countries where regulatory and security controls are less robust, to access their networks.

An unknown number of attacks on SWIFT have hit banks hard; for example, two attacks in 2016 involved malware that issued unauthorized SWIFT messages and prevented confirmation messages from revealing the theft by altering reports when they were sent to be printed, either as paper records or as PDF reports. The Bangladesh central bank lost $81 million, while a bank in Vietnam is thought to have been the second victim. In a different attack, thieves sent authenticated SWIFT messages similar to recently canceled transfer requests to Wells Fargo from Banco del Austro (BDA) in Ecuador using the legitimate SWIFT credentials of a BDA employee, and they made off with $12 million.

SWIFT, like the internet, was conceived at a time when security was not a major consideration. That means the core protocols don't have all of the essential security controls, such as nonrepudiation, built in. Given the mission-critical nature and size of the SWIFT network, the volume of daily messages and other technical aspects, it would be difficult to migrate to a brand new protocol; SWIFT already has to work hard just to get some members to upgrade to the newest version of the SWIFT software. Upgrading the existing protocols would be a slow process due to legacy issues, and backward compatibility requirements usually result in a less than ideal solution. However, the security of the entire network has to be improved quickly to preserve trust in the system.

SWIFT has begun to improve its architecture, with one change being a distributed architecture with a two-zone model for storing messages. It has also partnered with cybersecurity firms BAE Systems and Fox-IT to create a new Customer Security Intelligence team. SWIFT has to feed and receive threat intelligence to and from its members to stop multiple clients from falling victim to the same attack techniques. This requires banks to share information that could undermine public confidence, something they've always been reluctant to do in the past, but which might be vital for collaboration against a common enemy.

SWIFT certainly needs improved monitoring, detection and response to suspect messages - an area where behavioral and context monitoring can certainly help. The false BDA SWIFT messages should have been easily spotted, as they were placed outside of normal working hours and were for unusually large amounts, while only a spelling error managed to stop cybercriminals targeting the Bangladesh central bank from stealing nearly $1 billion.
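As an added illustration (not code from the article or from SWIFT), the sketch below shows the kind of behavioral and context check the article argues would have caught payment orders placed outside working hours, for unusually large amounts, and resembling recently canceled requests. The field names, business hours, threshold and sample records are all assumptions constructed for this example, and the canceled-request match is simplified to an exact comparison with no time window.

```python
from datetime import datetime
from statistics import median

# Constructed sample data: the field names are assumptions for this example,
# not a SWIFT message format.
HISTORY = {"BANKA": [12_000, 15_500, 9_800, 14_200, 11_000, 13_750]}
CANCELED = [{"sender": "BANKA", "beneficiary": "ACCT-7", "amount": 950_000}]
WORK_HOURS = range(8, 18)  # assumed local business hours, 08:00-17:59


def robust_score(amount, past):
    """How far above the sender's median an amount is, in units of MAD."""
    med = median(past)
    mad = median(abs(x - med) for x in past) or 1.0  # avoid division by zero
    return (amount - med) / mad


def flags(msg, history=HISTORY, canceled=CANCELED, threshold=10.0):
    """Return the reasons a payment order deserves manual review."""
    reasons = []
    ts = datetime.fromisoformat(msg["created_local"])
    if ts.weekday() >= 5 or ts.hour not in WORK_HOURS:
        reasons.append("outside working hours")
    past = history.get(msg["sender"], [])
    if len(past) < 5:
        reasons.append("no baseline for sender")
    elif robust_score(msg["amount"], past) > threshold:
        reasons.append("unusually large amount")
    key = (msg["sender"], msg["beneficiary"], msg["amount"])
    if any((c["sender"], c["beneficiary"], c["amount"]) == key for c in canceled):
        reasons.append("resembles canceled request")
    return reasons


def triage(messages):
    """Hold any message with two or more independent flags; release the rest."""
    return {m["id"]: "HOLD" if len(flags(m)) >= 2 else "RELEASE" for m in messages}


SAMPLE = [  # constructed messages
    {"id": "m1", "sender": "BANKA", "beneficiary": "ACCT-2", "amount": 13_000,
     "created_local": "2016-01-12T10:15:00"},
    {"id": "m2", "sender": "BANKA", "beneficiary": "ACCT-7", "amount": 950_000,
     "created_local": "2016-01-12T23:40:00"},
    {"id": "m3", "sender": "BANKA", "beneficiary": "ACCT-3", "amount": 14_000,
     "created_local": "2016-01-16T09:00:00"},
]

DECISIONS = triage(SAMPLE)  # {'m1': 'RELEASE', 'm2': 'HOLD', 'm3': 'RELEASE'}
```

Requiring two independent flags before a hold keeps a single weak signal, such as a legitimate weekend payment, from blocking traffic, while a valid credential alone is not enough to release a message that is anomalous on several axes.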