Another SWIFT hack

We recently reported that the SWIFT financial network for international bank transfers was compromised. Now there has been another SWIFT hack.

SWIFT representatives, the New York Fed and Bangladesh Bank (where the original hack took place) recently met in Basel, Switzerland to discuss the initial cyber fraud. There have been accusations on both sides about the cause of the attack. SWIFT has firmly placed blame on the Bangladesh Bank for security lapses in its systems that allowed the attack to partially succeed.

But now a second attack has been disclosed. Again, attackers obtained valid SWIFT codes and sent messages on the SWIFT network to initiate bank transfers. It isn't clear at this point whether any money was lost. The commercial bank involved has not been revealed, but worryingly, it seems these attacks are part of a broader campaign against the SWIFT network.

Apparently, the attackers know a great deal about banking systems and the SWIFT network. According to SWIFT, “the attackers clearly exhibit a deep and sophisticated knowledge of specific operation controls within the targeted banks — knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both”. Banking systems are complex, and it seems likely that at least some of the attackers were former or current insiders.

We noted in our earlier post that the security of the SWIFT infrastructure is irrelevant if the entry points can be easily compromised. This is the case for any secure network - it is only as safe as the weakest entry point.

How can entry points in such systems be secured, particularly when there are 3,000 of them? This is an extremely difficult issue. Even when the basics are satisfied, such as good firewalls, server hardening, regular monitoring and penetration testing, and strong passwords, there are still many attack vectors.

The most obvious is the insider attack, which can be almost impossible to prevent - and in many cases, even to detect. Comprehensive auditing systems are essential, and they must be separated from day-to-day operations so they cannot be compromised by the same people, or the same malware, whose actions they record.
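One concrete property such a separated audit system can provide is tamper evidence: once a transfer record has been logged, an operator or malware on the operational host cannot quietly alter or remove it. The following is an added illustration, not code from SWIFT, from any bank, or from the original post. It assumes a model in which operational hosts forward records to an audit service that holds a key the operational hosts never see, and it uses constructed sample records.

```python
import hashlib
import hmac
import json

# Assumption: this key lives only on the separate audit system, so a host that
# generated the records cannot recompute digests after editing them.
AUDIT_KEY = b"audit-system-key-constructed-for-demo"

# Constructed sample records, standing in for messages an operational host
# would forward to the audit service.
SAMPLE_RECORDS = [
    {"seq": 1, "op": "login", "user": "ops1"},
    {"seq": 2, "op": "transfer", "user": "ops1", "amount": 1000, "ccy": "USD"},
    {"seq": 3, "op": "transfer", "user": "ops2", "amount": 2500, "ccy": "EUR"},
    {"seq": 4, "op": "logout", "user": "ops1"},
]

GENESIS = "0" * 64


def _digest(prev_digest: str, record: dict) -> str:
    """Commit to the previous digest and the canonical form of this record."""
    payload = prev_digest.encode() + json.dumps(record, sort_keys=True).encode()
    return hmac.new(AUDIT_KEY, payload, hashlib.sha256).hexdigest()


def append_entry(chain: list, record: dict) -> list:
    """Append a record, chaining it to the current head of the log."""
    prev = chain[-1]["digest"] if chain else GENESIS
    chain.append({"record": record, "digest": _digest(prev, record)})
    return chain


def verify_chain(chain: list):
    """Recompute every digest; return (ok, index of first bad entry or None)."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        expected = _digest(prev, entry["record"])
        if not hmac.compare_digest(expected, entry["digest"]):
            return False, i
        prev = entry["digest"]
    return True, None


def verify_head(chain: list, known_head: str) -> bool:
    """Truncation check: the last digest must equal the head recorded elsewhere."""
    ok, _ = verify_chain(chain)
    current = chain[-1]["digest"] if chain else GENESIS
    return ok and hmac.compare_digest(current, known_head)


def build_sample_chain() -> list:
    chain = []
    for rec in SAMPLE_RECORDS:
        append_entry(chain, rec)
    return chain


def edited_chain() -> list:
    """An insider changes the amount on an already-logged transfer."""
    chain = build_sample_chain()
    chain[1]["record"]["amount"] = 81_000_000
    return chain


def deleted_chain() -> list:
    """A middle entry is removed to hide a transfer."""
    chain = build_sample_chain()
    del chain[1]
    return chain


if __name__ == "__main__":
    head = build_sample_chain()[-1]["digest"]
    print("intact:", verify_chain(build_sample_chain()))
    print("edited:", verify_chain(edited_chain()))
    print("deleted:", verify_chain(deleted_chain()))
    print("truncated, head check:", verify_head(build_sample_chain()[:-1], head))
```

Editing or deleting an entry breaks every digest after it, so `verify_chain` reports the first bad index. Dropping entries from the end of the log does not break the chain, which is why `verify_head` exists: the latest digest must be recorded somewhere the operational host cannot reach, and the separation the text calls for is exactly what makes that anchor trustworthy.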

Malware is also very difficult to counter - there are many channels by which it can reach a bank, and once malware is on a bank's servers, automated attacks can be launched. If the malware is specifically targeted, almost anything is possible. Because so many banking systems are automated, passwords are often hard-coded in scripts, or private keys are stored on disk, where malware with administrator access can read them. Such malware can corrupt, erase or encrypt data, or use banking systems to steal funds. Constant vigilance is the best prevention.
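Hard-coded passwords and on-disk private keys are at least easy to look for. The scanner below is an added example for this post, not code from SWIFT or from any bank; it runs three simple rules over constructed fragments of automation scripts (all names, paths and values are invented) and reports the lines a reviewer should look at. It is a starting point for a repository or host sweep, not a substitute for moving secrets into a proper secret store.

```python
import re

# Constructed sample scripts of the kind the text describes: one with a
# password literal, one with an embedded private key and a key file path,
# and one that reads its credential from the environment instead.
SAMPLE_SCRIPTS = {
    "transfer.sh": [
        "#!/bin/sh",
        "SWIFT_USER=ops",
        'SWIFT_PASSWORD="Hunter2!"',
        "curl -u $SWIFT_USER:$SWIFT_PASSWORD https://gateway.example/submit",
    ],
    "signer.py": [
        "KEY_PATH = '/opt/bank/keys/signing.pem'",
        "PRIVATE_KEY = '''-----BEGIN RSA PRIVATE KEY-----",
        "MIIEow...'''",
    ],
    "clean.py": [
        "import os",
        "password = os.environ['SWIFT_PASSWORD']",
    ],
}

# Each rule: (name, severity, compiled pattern). Deliberately simple; tune for
# your own naming conventions and expect some false positives.
RULES = [
    ("hardcoded-password", "high",
     re.compile(r"""(?i)(pass(word|wd)?|secret|token)\s*=\s*["'][^"']{4,}["']""")),
    ("private-key-literal", "high",
     re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("key-file-path", "review",
     re.compile(r"""["'][^"']*\.(pem|key|p12|pfx)["']""")),
]


def scan_lines(name: str, lines) -> list:
    """Return (file, line number, rule, severity) for every matching line."""
    findings = []
    for no, line in enumerate(lines, 1):
        for rule, severity, pattern in RULES:
            if pattern.search(line):
                findings.append((name, no, rule, severity))
    return findings


def scan_all(scripts: dict) -> list:
    findings = []
    for name, lines in scripts.items():
        findings.extend(scan_lines(name, lines))
    return findings


def high_severity(findings: list) -> list:
    return [f for f in findings if f[3] == "high"]


if __name__ == "__main__":
    for f in scan_all(SAMPLE_SCRIPTS):
        print("%s:%d  %s (%s)" % f)
```

Note what the rules do not flag: `clean.py` reads the password from the environment at run time, so it produces no finding, while the `.pem` path is reported at a lower severity because a key file on disk is a risk to assess rather than a defect in itself.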

All corporate systems must guard against cyber attacks, but banking systems in particular must ensure their security is of the highest order. Because banks offer attackers significant financial gain if they are successful, they will always be targets.