SWIFT, the global financial network through which banks transfer billions of dollars every day, is warning approximately 11,000 financial institutions of ‘a number of recent cyber incidents’ in which attackers used its system to send fraudulent messages. These include the recent Bangladesh Bank attack and theft of approximately $80 million, which SWIFT warns is not an isolated incident. SWIFT is urging its 11,000 financial institution clients to upgrade their systems. Security experts comment:
Andrew Komarov, Chief Intelligence Officer, InfoArmor:
“It is clear that the bad actors were preparing for such a cyber heist for a pretty long time. In most cases, online-banking thieves attack specific banking customers. If the news story or chatter is about a large amount of money, the targets are mostly corporate, but in this case it looks like they were targeting the whole banking system, which is pretty sophisticated and an advanced level of cyber attack.”
István Szabó, PhD, Product Manager, syslog-ng, Balabit:
“The use of stolen credentials of the SWIFT account of the Bangladesh Bank is a major event and again highlights the profound importance of continuous, advanced monitoring to minimize the impact of such security breaches. Logging events, making sure that those logs are tamper-proof, available in a central location and having the ability to detect if the logs are missing is the first pillar of an effective security tool set. This particular case confirms the importance of monitoring the activity of privileged accounts, including recording all activities and enabling a video-like playback of the activities should an incident happen. Finally, this incident shows the potential of user behavior analytics in preventing serious security incidents. Such a tool, if run on a properly collected log and privileged activity data, may have been able to spot it and alert when the stolen credentials are used by the criminals, as their usage pattern was completely different from the normal usage pattern of the credentials.”
Frederik Mennes, Senior Manager Market & Security Strategy, VASCO Data Security:
“This remarkable new case of fraud shows the importance of the trustworthiness of customer endpoints used to perform financial transactions or payments. Although the security controls of SWIFT itself have never been compromised, the weak security posture of some of the endpoints of the SWIFT network is the root cause of this type of attack. To prevent this especially dangerous type of fraud, many banks are adding to defense-in-depth, deploying hardware authentication devices with ‘what-you-see-is-what-you-sign’ functionality to make sure endpoints are secure and immune to malware attacks.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.