SWIFT reveals new cyber-attacks on its money transfer system

© Carlo Allegri
The global provider of interbank money transfer services, SWIFT, has confirmed more hack attacks on its member banks. The attacks occurred after SWIFT updated security procedures following February’s breach at the Bangladesh central bank.

In a private letter to customers, SWIFT said there had been new cyber-theft attempts since June, some of them successful.

"Customers’ environments have been compromised, and subsequent attempts (were) made to send fraudulent payment instructions," Reuters quoted a copy of SWIFT’s letter. "The threat is persistent, adaptive and sophisticated - and it is here to stay."

SWIFT said some banks attacked had lost money. It didn’t say how much money was taken or how many of the attempted hacks succeeded. The company did not identify specific banks, but said they all shared one thing in common - weaknesses in local security that attackers used to compromise local networks and send fraudulent messages requesting money transfers.

In June, SWIFT warned banks of a number of cyber-attacks on its system and asked them to update their software. It released a security update for the software 11,000 financial institutions use to access its network.

It was the first time the global network had acknowledged there were cyber-attacks on its system, as well as the hacking of the central bank of Bangladesh. In that attack, cyber-thieves stole $81 million from the bank’s account at the US Federal Reserve.

READ MORE: Bangladesh may sue NY Fed over $100mn cyber heist

Shane Shook, an independent security consultant who advises central banks told Reuters that SWIFT is trying to coerce members into prioritizing cyber-security by threatening to share confidential information about security lapses that banks want to keep private.

"That type of information sharing is something that no bank likes to see happen without their direct approval and involvement, because it can affect market confidence," Shook said.

Among other cases of fraudulent transfer requests are the theft of more than $12 million from Ecuador's Banco del Austro and a failed attempt to steal money from Vietnam's Tien Phong Bank.

SWIFT’s messaging services are used in more than 200 countries. The network processed 25.6 billion financial transfers in 2014.