The global banking system is (still) under attack.
SWIFT, the messaging network that connects the world’s banks, says it has identified new hacks targeting its members, and it is warning them to beef up security in the face of “ongoing attacks.” It did not name the banks affected.
An attack on Bangladesh’s central bank yielded $101 million. Ecuador’s Banco del Austro was hit for $12 million.
The message from SWIFT, which was first reported by Reuters, urges banks to protect themselves against the “persistent, adaptive and sophisticated” attacks, which use a similar method to crack their local security systems.
“These weaknesses have been identified and exploited by the attackers, enabling them to compromise the customers’ local environments and input the fraudulent messages,” SWIFT said.
SWIFT did not say how many new attacks had been discovered. The company says that its network and core messaging services have not been compromised by the attacks.
In each documented case, the criminals followed the same basic pattern:
- Attackers used malware to circumvent a bank’s local security systems.
- They gained access to the SWIFT messaging network.
- Fraudulent messages were sent via SWIFT to initiate cash transfers from accounts at larger banks.
SWIFT CEO Gottfried Leibbrandt warned in May that more attacks could have occurred.
“The Bangladesh fraud is not an isolated incident: we are aware of at least two, but possibly more, other cases where fraudsters used the same modus operandi, albeit without the spectacular amounts,” he said.
Leibbrandt said the method of attack is much more serious than a typical data breach or theft of customer information. Instead, the loss of control over payment channels could bring down a bank.
“In the recent cases, thieves were able to move just some of those banks’ overseas assets,” he said. “As a result, for the banks concerned, the events haven’t been existential. The point is that they could have been.”
SWIFT is taking extra measures to secure client banks, including sharing more information, supporting security audits and introducing tougher requirements for local bank computer networks.
Cybersecurity researchers have suggested that a hacking team known as “Lazarus” is responsible for the attacks. In May, U.S. law enforcement officials told CNNMoney that the attackers may be linked to North Korea.