Financial Cyber Attacks on the Rise
This post is also available in: 
עברית (Hebrew)
SWIFT, the global financial messaging system, announced that a few of it’s member banks have been attacked by hackers. SWIFT pressured them to comply with security procedures instituted after February’s high-profile $81 million heist at Bangladesh Bank. In a private letter to clients, SWIFT said that new cyber-theft attempts — some of them successful — have surfaced since June, when it last updated customers on a string of attacks discovered after the attack on the Bangladesh central bank.
According to CNBC, the disclosure suggests that cyber thieves may have ramped up their efforts following the Bangladesh Bank heist, and that they specifically targeted banks with lax security procedures for SWIFT-enabled transfers.The Brussels-based firm indicated that some victims in the new attacks lost money, but did not say how much was taken or how many of the attempted hacks succeeded. It did not identify specific victims, but said the banks varied in size and geography and used different methods for accessing SWIFT.
A SWIFT spokeswoman declined to elaborate on the recently uncovered incidents or the security issues detailed in the letter, saying the firm does not discuss affairs of specific customers. All the victims shared one thing in common: Weaknesses in local cyber security that attackers exploited to compromise local networks and send fraudulent messages requesting money transfers, according to the letter.
SWIFT told banks that it might report them to regulators and banking partners if they failed to meet a November 19 deadline for installing the latest version of its software, which includes new security features designed to thwart the type of attacks described in its letter. The security features include technology for verifying credentials of people accessing a bank’s SWIFT system; stronger rules for password management; and better tools for identifying attempts to hack the software.
According to Reuters, SWIFT is trying to coerce members into prioritizing cyber-security by threatening to share confidential information about security lapses that banks want to keep private. Shane Shook, an independent security consultant who advises central banks added: “This type of information sharing is something that no bank wantsto see happen without their direct approval and involvement, because it can affect market confidence” .
SWIFT disclosed the new hacks after reports of previous incidents prompted regulators in Europe and the United States to urge banks to bolster cyber-security. Other cases involving fraudulent transfer requests include the theft of more than $12 million from Ecuador’s Banco del Austro and a failed attempt later in 2015 to steal money from Vietnam’s Tien Phong Bank.
The attacks have prompted regulators globally to press banks to bolster defenses.
The Bank of England ordered UK firms in April to detail actions to secure computers connected to the SWIFT system, while the European Banking Authority in May said domestic authorities should stress test banks for cyber risks.
U.S. agencies told banks in June to review protections against fraudulent money transfers. Six U.S. senators urged the G20 nations to agree when they meet at a summit this weekend on a “coordinated strategy to combat cyber-crime at critical financial institutions”.
