SWIFT Hack

You may have seen in the media over the last couple of weeks references to hacks on the SWIFT financial network. So, for those of you not overly familiar with banking and finance, what is SWIFT and why should it concern you?

SWIFT, or to give it its full title, the Society for Worldwide Interbank Financial Telecommunication, is, as the name suggests, the primary messaging network through which banks and other financial institutions instruct each other to move money around the globe (and has been for nearly 40 years). Casting my mind back to the very early years of my career, I remember keying in SWIFT transactions as part of my work in international settlements. Most people only ever come across SWIFT when making a very large payment, such as purchasing a house, where a SWIFT transfer is often used to complete the transaction.

In essence it is a private, encrypted messaging system with about 11,000 members worldwide. Don’t let the relatively small number of members fool you: in 2015 the network carried more than 6 billion messages. The nature of this private ‘club’ can mean that its users are unaware of, or underestimate the impact of, wider and better-known security problems on such a system.

Again, from my early career, I remember SWIFT being run from a dedicated terminal connected over X.25 circuits (I am really showing my age now!), but times change and SWIFT systems can now be deployed on a number of Windows / Linux / UNIX platforms.

So, given its position in the financial world, it is perhaps not surprising that it has become a target for hackers. Whilst the security of the SWIFT network itself has generally been regarded as sound, the weaknesses have appeared in the member institutions’ own systems and networks that connect to it. In other words, the compromises have been targeted at back-office devices and their users. Once inside, the attackers gained the privileges needed to operate the SWIFT interface and submitted fraudulent payment instructions through it.

Recent reports in the press suggest that the attackers may have altered the bank’s local SWIFT interface software to cover the tracks of the fraudulent payments. To date the largest reported loss is $81 million, taken from a Bangladesh Bank account at the Federal Reserve Bank of New York. An earlier attack against Banco del Austro in Ecuador has also been disclosed, resulting in the loss of $12 million.

These attacks are concerning because they suggest that the attackers have intimate knowledge of the workings of SWIFT software and systems. These were not random events, and other financial institutions may well have been targeted. It is still not clear whether the attackers were internal or external to the organisations that were hit.

SWIFT transfers have generally required two sets of authentication – that of the operator who keys the payment and then that of a manager who authorises it (the so-called maker-checker control). It would appear that the attackers obtained both sets of IDs and credentials. This would suggest, as SWIFT has noted, lax security practices at end-user organisations. Clearly SWIFT needs to do more to help its member organisations, but there must also be action from the banks themselves.

The attacks yet again highlight the need to do the basics of network security properly: know your network; train your staff; restrict the use of privileged accounts; and properly log and monitor your network traffic. Treat all traffic as untrusted until you know otherwise. If the software that records your payments can be tampered with, reconcile its output against an independent source, such as your correspondents’ confirmations, rather than trusting the local record alone. No matter how secure you think your network and applications are, think like a hacker. Look for the weak links; they always exist.
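As an added example (not from the original post, and not SWIFT’s or CIPHER’s code), the script below shows two of the controls discussed above running over constructed sample data: a maker-checker check that flags any payment keyed and authorised by the same user, and a reconciliation that compares the bank’s local message archive against acknowledgements obtained independently from the correspondent bank, so that a payment deleted or rewritten locally to hide it still shows up. The record formats, user names, references, amounts and beneficiaries are all invented for the illustration; real SWIFT interface databases and correspondent statements look nothing like these pipe-separated lines.

```python
"""Maker-checker and reconciliation checks over constructed sample records.

Added example; not code from SWIFT, CIPHER, or the original post. The
pipe-separated formats below are assumptions made for illustration only.
"""
from __future__ import annotations

from dataclasses import dataclass
from decimal import Decimal

# Constructed sample of the bank's own outbound message archive:
# reference|maker|checker|amount|beneficiary
LOCAL_ARCHIVE = """\
TRN0001|opsmith|mgrjones|250000.00|EXAMPLE TRADING LTD
TRN0002|opsmith|opsmith|8100000.00|BENEFICIARY B
TRN0004|opsmith|mgrjones|12000.00|BENEFICIARY D
"""

# Constructed sample of acknowledgements from the correspondent bank, obtained
# on a channel that does not pass through the SWIFT interface host:
# reference|amount|beneficiary
CORRESPONDENT_ACKS = """\
TRN0001|250000.00|EXAMPLE TRADING LTD
TRN0002|8100000.00|BENEFICIARY B
TRN0003|2000000.00|BENEFICIARY C
TRN0004|120000.00|BENEFICIARY D
"""


@dataclass(frozen=True)
class LocalRecord:
    ref: str
    maker: str
    checker: str
    amount: Decimal
    beneficiary: str


@dataclass(frozen=True)
class AckRecord:
    ref: str
    amount: Decimal
    beneficiary: str


def parse_local(text: str) -> dict[str, LocalRecord]:
    """Parse the local archive into a map keyed by transaction reference."""
    records: dict[str, LocalRecord] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ref, maker, checker, amount, beneficiary = line.split("|")
        records[ref] = LocalRecord(ref, maker, checker, Decimal(amount), beneficiary)
    return records


def parse_acks(text: str) -> dict[str, AckRecord]:
    """Parse the correspondent's acknowledgements, keyed by reference."""
    acks: dict[str, AckRecord] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ref, amount, beneficiary = line.split("|")
        acks[ref] = AckRecord(ref, Decimal(amount), beneficiary)
    return acks


def dual_control_violations(local: dict[str, LocalRecord]) -> list[str]:
    """References where one user acted as both maker and checker."""
    return sorted(r.ref for r in local.values() if r.maker == r.checker)


def reconcile(local: dict[str, LocalRecord], acks: dict[str, AckRecord]) -> dict[str, list[str]]:
    """Compare the local archive with the independent acknowledgements.

    missing_locally: acknowledged by the correspondent but absent locally
                     (a record deleted to hide a payment).
    mismatched:      present on both sides but amount or beneficiary differ
                     (a record rewritten locally).
    unacknowledged:  present locally but never acknowledged (stuck or fake).
    """
    missing_locally = sorted(ref for ref in acks if ref not in local)
    unacknowledged = sorted(ref for ref in local if ref not in acks)
    mismatched = sorted(
        ref
        for ref in acks
        if ref in local
        and (local[ref].amount != acks[ref].amount
             or local[ref].beneficiary != acks[ref].beneficiary)
    )
    return {
        "missing_locally": missing_locally,
        "mismatched": mismatched,
        "unacknowledged": unacknowledged,
    }


def run_checks(local_text: str = LOCAL_ARCHIVE, ack_text: str = CORRESPONDENT_ACKS) -> dict[str, list[str]]:
    """Run both controls and return every finding keyed by check name."""
    local = parse_local(local_text)
    acks = parse_acks(ack_text)
    findings = {"dual_control": dual_control_violations(local)}
    findings.update(reconcile(local, acks))
    return findings


if __name__ == "__main__":
    for check, refs in run_checks().items():
        print(f"{check:16s} {refs if refs else 'OK'}")
```

On the sample data the script flags TRN0002 for dual control, TRN0003 as acknowledged by the correspondent but missing from the local archive, and TRN0004 as present on both sides with a different amount. The point of the design is that the acknowledgement feed must come from outside the SWIFT interface host; a reconciliation that reads both sides from the same machine is defeated by the same tampering it is meant to detect.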


About CIPHER

Founded in 2000, CIPHER is a global cybersecurity company that delivers highly accredited Managed Security Services and Security Consulting Services with ISO 20000 and ISO 27001, SOC I and SOC II, PCI QSA and PCI ASV certifications. We have received many awards including Best MSSP from Frost & Sullivan for the past five years. These services are supported by the best in class security intelligence lab: CIPHER Intelligence. Our offices are located in North America, Europe, and Latin America with 24×7×365 Security Operations Centers and R&D laboratories, complemented by strategic partners around the globe. 

Our clients consist of Fortune 500 companies, world-renowned enterprises, and government agencies with countless success stories. CIPHER provides organizations with proprietary technologies and specialized services to defend against advanced threats while managing risk and ensuring compliance through innovative solutions. 
