Bangladesh Bank $80m cyber-heist may be the tip of the iceberg


Global payments network SWIFT has admitted that cybercriminals have managed to breach its system and send fraudulent messages over it, and that the Bangladesh Bank theft, which saw funds to the tune of $81 million (around £55 million, or AU$105 million) funnelled away, was not an isolated attack.

SWIFT is used by banks to transfer vast sums of money on a daily basis, and the hacking heist on the Bangladesh central bank involved manipulating the SWIFT software – which wasn't sufficiently protected by the bank – to hide evidence of the fraudulent payments made to the Philippines.

However, SWIFT has now said that it is aware of a number of attempts by cybercriminals to breach its messaging platform and use it for malicious purposes.

As Reuters reports, the organisation warned customers: "SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions' back-offices, PCs or workstations connected to their local interface to the SWIFT network."

SWIFT didn't give any specifics of the other incidents, though, or of any financial losses which may have occurred before the Bangladesh affair.

Malware mitigation

The organisation also provided an update to its software, patching it against malware which security researchers from BAE Systems previously said was probably used in the attack on the Bangladesh central bank.

BAE couldn't explain how the criminals pushed fraudulent orders through the system, but SWIFT said that the attackers had somehow obtained credentials for staff members who could create and approve messages on the SWIFT platform, and that this is how the scam orders had been shuttled through.

As for the malware BAE highlighted, SWIFT issued a statement to say: "Contrary to reports that suggest otherwise, this malware has no impact on SWIFT's network or core messaging services.

"We understand that the malware is designed to hide the traces of fraudulent payments from customers' local database applications and can only be installed on users' local systems by attackers that have successfully identified and exploited weaknesses in their local security."

The organisation noted that it was advising customers on how to spot inconsistencies in local database records, but that users had to implement better security measures in their office environment to help defend against such threats.

There is the possibility that more fraudulent actions will come to light as SWIFT customers check over their systems.

A major part of the problem for Bangladesh Bank was poor overall security: there was no firewall in place, and cheap network switches were used, which meant the SWIFT room wasn't walled off from the rest of the system as it could have been if more sophisticated switches had been in place.

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).