Swift says more cyber thefts took place post Bangladesh Bank heist
Society for Worldwide Interbank Financial Telecommunication (Swift), the popular financial messaging system, has revealed more hacking attacks on its member banks post February’s high-profile $81m (£62m) heist at Bangladesh Bank. Swift is an internationally-recognised identification code for banks around the world used for global wire transfers.
Reuters reports that the institution has sent out private letters to its banking clients to bolster their security systems as new cyber-theft attempts, many of which have been successful, have surfaced since June. The last time Swift updated customers on such attacks was soon after the attack on the Bangladesh central bank.
“Customers’ environments have been compromised, and subsequent attempts (were) made to send fraudulent payment instructions,” says the letter accessed by Reuters. “The threat is persistent, adaptive and sophisticated – and it is here to stay,” it adds.
Although some time has passed since these attacks happened, Swift has only disclosed the new hacks now after reports of previous incidents prompted regulators in Europe and the US to urge banks to bolster cyber-security. The company has, however, refused to divulge any detailed information on the recently uncovered incidents or which banks/financial firms may have been struck. Although it mentioned that some victims in the new attacks lost money, the value was not declared.
Investigation into the Bangladesh Bank heist had suggested that weak security procedures made it easier to hack into the system used to send Swift messages requesting large money transfers. The bank even lacked a basic firewall and used second-hand electronic switches to network those computers.
The heist took place when cybercriminals looted the massive amount from the Bangladesh Bank’s account at the Federal Reserve in New York. The hackers not only took control of the bank’s network but also stole credentials for the Swift messaging system and then used malware to attack the computers used to authorise transactions. The stolen funds were eventually traced to accounts based in the Philippines.