G7 boosts bank­ing se­cu­rity over new SWIFT threat

The Myanmar Times - - International Business -

THE G7 group of lead­ing economies laid out a new frame­work for bat­tling the hack­ing of fi­nan­cial in­sti­tu­tions as a new threat us­ing the SWIFT in­ter­bank net­work emerged.

Re­act­ing to a rise in hack­ing in­ci­dents that have robbed banks of ev­ery­thing from client data­bases to hun­dreds of mil­lions of dol­lars, the G7 group is­sued a set of prin­ci­ples for banks to im­ple­ment cy­ber­se­cu­rity pro­grams.

“The re­cent in­ci­dent in­volv­ing the SWIFT net­work and other cy­ber­at­tacks re­ally un­der­score the im­per­a­tive for ro­bust cy­ber se­cu­rity through­out the global fi­nan­cial sec­tor,” said US Trea­sury deputy sec­re­tary Sarah Bloom Raskin. “Th­ese threats have not desta­bilised the fi­nan­cial sec­tor but they threaten to desta­bilise it,” she said.

Ms Raskin is co-chair of the Cy­ber Ex­pert Group of the G7 – the United States, Canada, France, Ger­many, Italy, Ja­pan, and the United King­dom.

The two-page “Fun­da­men­tal El­e­ments of Cy­ber­se­cu­rity” out­lines the build­ing blocks of an ef­fec­tive riskbased bank pro­gram to de­fend fi­nan­cial sys­tems from cy­ber threats.

The guide­lines are aimed at pub­lic and pri­vate-sec­tor fi­nan­cial in­sti­tu­tion board mem­bers and top man­age­ment to use for shap­ing and as­sess­ing their com­pany’s cy­ber strat­egy.

The stun­ning theft ear­lier this year of US$81 mil­lion from Bangladesh’s cen­tral bank drew at­ten­tion to the vul­ner­a­bil­i­ties of fi­nan­cial sec­tor in­sti­tu­tions to cy­ber threats, es­pe­cially those us­ing the SWIFT world­wide net­work for in­ter­bank trans­fers.

After that heist, SWIFT said the in­ci­dent was “not a sin­gle oc­cur­rence, but part of a wider and highly adap­tive cam­paign tar­get­ing banks”.

That has el­e­vated the alarm lev­els among the world’s lead­ing fi­nance min­is­ters and cen­tral bank chiefs.

“The chal­lenge with cy­ber se­cu­rity is that the threat vec­tors can be dif­fi­cult to dis­cern and are con­stantly mor­ph­ing in search of fi­nan­cial sec­tor vul­ner­a­bil­i­ties,” said Ms Raskin.

That is­sue was un­der­scored on Oc­to­ber 11 when com­puter se­cu­rity group Sy­man­tec is­sued a warn­ing over a new mal­ware threat to fi­nan­cial or­gan­i­sa­tions called “Od­i­naff”.

Od­i­naff has been de­ployed widely around the world since Jan­uary 2016 in at­tacks that “ap­pear to be ex­tremely fo­cused on or­gan­i­sa­tions op­er­at­ing in the bank­ing, se­cu­ri­ties, trad­ing, and pay­roll sec­tors”, it said.

Sy­man­tec said the Od­i­naff at­tack­ers make use of some of the in­fras­truc­ture used by some ear­lier at­tacks tap­ping the SWIFT net­work known as Car­banak. Yet an­other group, known as Lazarus, is be­lieved be­hind the Bangladesh threat.

“Th­ese at­tacks re­quire a large amount of hands on in­volve­ment” with “a heavy in­vest­ment in the co­or­di­na­tion, de­vel­op­ment, de­ploy­ment, and op­er­a­tion” of the tools used to break into the tar­gets’ sys­tems, Sy­man­tec said. –

Newspapers in English

Newspapers from Myanmar

© PressReader. All rights reserved.