Following the news about a second group of hackers – Odinaff – has broken into the SWIFT system, the fulcrum of the global financial payments system. Odinaff were found to be using the same approach as those who stole $81m from the Bangladesh central bank earlier this year. Brian Spector, CEO of MIRACL commented below.
Brian Spector, CEO at MIRACL:
“Verifying people’s identities is the only way to securely enable the multitude of digital transactions taking place on SWIFT systems worldwide. All too often, bad actors orchestrate attacks by stealing employee credentials – usually just a username and password. Attackers know that when a password, irrelevant of how complex the password may be, is successfully stolen, the attacker can get access to internal systems, gaining access to financial controls and making away with some eye-watering thefts.
But hackers don’t just follow the money – they can also go after the huge treasure troves of sensitive data within financial systems which can then be put up for sale on the dark web. The solution is two-fold: banks must insist on robust, multi-factor authentication to be used in all financial transactions. We also need to eliminate today’s outdated security infrastructure, including passwords, root keys and stored credentials, which enable hackers to carry out data theft and identity fraud on a massive scale.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.