The Society for the Worldwide Interbank Financial Telecommunication (SWIFT) is used by the global financial industry to transfer billions of dollars around the world every day. On Monday, SWIFT released a statement warning customers that it was “aware of a number of recent cyber incidents in which malicious insiders of external attackers [had] managed to submit SWIFT messages from financial institutions’ back-offices, PCs or workstations connected to their local interface to the SWIFT network.” This recent disclosure goes hand-in-hand with the February cyber theft of $81 million from the Bangladesh central bank account at the New York Federal Reserve Bank. The Monday statement is the first time SWIFT has acknowledged that the attack on the Bangladesh bank was not an isolated incident, but instead, “one of several recent criminal schemes that aimed to take advantage of the global messaging platform used by some 11,000 financial institutions, according to Reuters.
In addition to the Monday warning, which was sent confidentially over its network and avoided naming victims or specifics in losses, SWIFT also released a security update to the software. It is said that hackers manipulated SWIFT’s Alliance Access server software, a SWIFT messaging platform, to cover their tracks. Experts in cybersecurity have also explained that as banking clients begin to look into their own SWIFT access, more attacks will likely surface. SWIFT spokeswoman Natasha Deteran told Reuters that the commonality in these cases was that internal or external attackers compromised the banks’ own environments to obtain valid operator credentials. “Customers should do their utmost to protect against this,” she said. “We have made the Alliance interface software update mandatory as it is designed to help banks identify situations in which attackers have attempted to hide their traces – whether these actions have been executed manually or through malware.” SWIFT told customers that the security update must be installed by May 12.