The Swift global financial messaging network, which banks use to move billions of dollars daily, has reported that another malicious attack on a bank attempted to make use of its messaging system to potentially steal millions. Swift warned on Thursday that it is aware of a second malware attack similar to the one that led to February’s $81 million cyber-heist from the Bangladesh central bank.
The second Swift customer targeted is a commercial bank. Swift spokesperson Natasha de Teran released information that they knew of the breach, but stopped short of naming the bank. It is not immediately clear how much money, if any, was stolen in the second attack.
Swift stated that the attackers exhibited a “deep and sophisticated knowledge of specific operational controls” at targeted banks and may have been aided by “malicious insiders or cyber attacks, or a combination of both”.
The two sets of malware used in these attacks had two elements in common, the Swift notice said. First, the attackers exploited the customer’s systems before messages were sent over Swift’s platform. Second, the malware helped the attackers cover their tracks, making it more difficult to identify the fraud. The newer malware identified by Swift targets a type of computer software used for reading PDF files. The malware is able to read customers’ PDF reports of payment confirmations, manipulate them and then remove traces of any fraudulent instructions, Swift revealed.
Preventative Controls
As a matter of urgency we remind all customers again to urgently review controls in their payments environments, to all their messaging, payments and ebanking channels. This includes everything from employee checks to password protection to cyber defences. We recommend that customers consider third party assurance reviews and, where necessary, ask your correspondent banks and service bureaux to work with you on enhanced arrangements.
We also urge all customers to be forthcoming when these issues occur so that the fraudsters can be tracked by the authorities, and SWIFT can inform the rest of the community about any findings that may have a bearing on wider security issues.
In the meantime we would like to reassure you that the SWIFT network, SWIFT messaging systems and software have not been compromised. The security and integrity of our messaging services are not in question as a result of the incidents. We will continue with our security awareness campaign, bilaterally with users and through industry forums and other appropriate channels. We will also continue working with our overseers, with law enforcement agencies, and third party experts, and we will continue to inform you of any further information that we believe can help you detect or avert such attacks.
It is time that banking organizations got serious about monitoring data movement within their systems – if they had a good idea of what data operations were ‘normal’, it would allow them to detect less obvious malicious traffic. A solut nextGen firewall/UTM can allow a company to spot traffic to malicious hosts, including Command and Control Networks.