Bad news for banks with lax security that also use SWIFT, the global financial transaction messaging network, as hackers are still pulling off high-tech heists.
On Tuesday, the Society for Worldwide Interbank Financial Telecommunication, more commonly called SWIFT, notified customers of “ongoing attacks.”
Hackers have again stolen money from banks, yet SWIFT did not say how many attacks were successful, did not identify specific banks and did not say how much was stolen. The banks, which “varied in size and geography and used different methods for accessing SWIFT,” shared one common denominator: each had weak local security.
The SWIFT notice, according to Reuters, read:
Customers’ environments have been compromised, and subsequent attempts (were) made to send fraudulent payment instructions.
The threat is persistent, adaptive and sophisticated – and it is here to stay.
Banks were urged to stop dragging their feet, get serious about security, and get the latest version of SWIFT software installed pronto. Or else…
Although SWIFT claimed it doesn’t disclose “affairs of specific customers,” that confidentiality arrangement might change. If banks miss the November 19 deadline for installing the latest and more secure version of SWIFT software, then SWIFT threatened it might report the banks “to regulators and banking partners.” No bank wants its private dirty laundry to be aired in public.
The newest SWIFT software reportedly includes security features which could have stopped the latest hack attacks. The features were rolled out after Bangladesh Bank was breached and almost lost $1 billion … saved only by a New York Federal Reserve Bank employee noticing a typo which raised suspicions about the payment request. Bangladesh Bank had used $10 second-hand networking gear and had no firewall.
Researchers at BAE analyzed the malware which is believed to have been designed specifically so attackers can abuse SWIFT. After other banks were targeted, SWIFT issued a warning. Hackers managed to steal $12 million from Ecuador's Banco del Austro and attempted to steal $1.36 million from Vietnam's Tien Phong Bank. Attacks abusing weak security measures to target SWIFT were also aimed at banks in the Philippines and New Zealand. The security firm FireEye was sent in to investigate attacks on up to another dozen banks.
Symantec researchers suspected that a hacking group known as Lazarus was responsible for the attacks; in fact, the wiping code used to hide the bank hacks was also used in the Sony Pictures attack. The FBI decided the North Korean government was behind the attack on Sony.
Near the end of June, hackers stole $10 million from an unnamed Ukrainian bank after taking advantage of shoddy security and then transferring money out via SWIFT. The Information Systems Audit and Control Association reported, “Dozens of banks (mostly in Ukraine and Russia) have been compromised, from which has been stolen hundreds of millions of dollars.”
SWIFT believes better security could put an end to these high-tech heists. In its letter to customers, SWIFT said the affected banks “shared one thing in common; they have all had particular weaknesses in their local security. These weaknesses have been identified and exploited by the attackers, enabling them to compromise the customers’ local environments and input the fraudulent messages.”
SWIFT has tried repeatedly to get banks to step up security, and it added that there is “no indication that the SWIFT network or core messaging services have been compromised.”