SWIFT reports new ‘sophisticated’ malware attack

© PlanetSWIFT
The global provider of money transfer services, SWIFT, has warned that a second case of a targeted malware attack, similar to February’s $81 million breach at the Bangladesh central bank, has affected at least one other financial institution.

Without naming the new targets, the Society for Worldwide Interbank Financial Telecommunication (SWIFT) said that intruders managed to bypass risk controls potentially exposing the system to the possibility of illegal money transfers.

The “attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks – knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both,” the statement reads according to Financial Times.

While warning that the incident is part of a “wider and highly adaptive campaign targeting banks”, the Belgian company said that the “security and integrity of our messaging services are not in question as a result of the incidents.” Furthermore, the payment provider urged its clients to “urgently review controls in their payments environments, to all their messaging, payments and e-banking channels.”

SWIFT’s messaging services are used by about 11,000 financial institutions across more than 200 countries. The network processed 25.6 billion financial transfers in 2014.

In February’s heist, attackers attempted to transfer nearly $1 billion out of Bangladesh Bank’s account at the US Federal Reserve in New York but ultimately were able to move $81 million. It is believed that the attackers obtained valid computer credentials for operators to authorize, create and approve SWIFT messages, and then submitted fraudulent messages by impersonating those people.

On Thursday chief executive Gottfried Leibbrandt made it clear that the SWIFT payment network had not been hacked during February’s theft, after BAE researchers said in April that they had detected malware cybercriminals had used to manipulate SWIFT software.

“At the end of the day we weren’t breached, it was from our perspective a customer fraud,” Leibbrandt said. “I don’t think it was the first, I don’t think it will be the last.”

Earlier this month, SWIFT made clear to institutions that use their services that they were responsible for securing their own computers used to send messages over its network. In late April, SWIFT released a security update for the software that 11,000 financial institutions have been using to access its network, and has told customers the update should be installed by May 12.