IS NOT CIRCUS Hackers still targeting bank network: SWIFT
TORONTO: Hackers continue to target the SWIFT bank messaging system, though security controls instituted after last year’s $81 million heist at Bangladesh’s central bank have helped thwart many of those attempts, a senior SWIFT official said.
“Attempts continue,” said Stephen Gilderdale, head of SWIFT’s Customer Security Programme. We didn’t expect the adversaries to suddenly disappear.”
SWIFT spokeswoman Natasha de Teran said the attackers had attempted to hack into computers that banks use to access the organisation’s proprietary network, then create fraudulent messages to send over the SWIFT system.
The disclosure underscores that banks remain at risk of cyber attacks targeting computers used to access SWIFT almost two years after the February 2016 theft from a Bangladesh Bank account at the Federal Reserve Bank of New York.
Gilderdale declined to say how many hacks had been attempted this year, what percentage were successful, how much money had been stolen or whether they were growing or slowing down.
On Monday, two people were arrested in Sri Lanka for suspected money laundering from a Taiwanese bank whose computer system was hacked to enable illicit transactions abroad. Police acted after the state-owned Bank of Ceylon reported a suspicious transfer.
SWIFT, a Belgium-based co-operative owned by its user banks, has declined comment on the case, saying it does not discuss individual entities.
Gilderdale said that some security measures instituted in the wake of the Bangladesh Bank heist had thwarted attempts. As an example, he said that SWIFT had stopped some heists thanks to an update to its software that automatically sends alerts when hackers tamper with data on bank computers used to access the messaging network.
SWIFT shares technical information about cyber attacks and other details on how hackers target banks on a private portal open to its members.
Gilderdale was speaking ahead of the organisation’s annual Sibos global user conference, which starts on Monday in Toronto. At the conference, SWIFT will release details of a plan to start offering security data in “machine digestible” formats that banks can use to automate efforts to discover and remediate cyber attacks, he said. SWIFT will also unveil plans to start sharing that data with security vendors so they can incorporate the information into their products, he said.