SWIFT, an international global payments network, had its software systems hacked by malware, resulting in the theft of $81.0 million from the Bangladeshi central bank, according to a recent Reuters report.
The announcement follows on the heels of a string of recent initiatives by SWIFT to usher in more firms and venues under its collective mantle, whereby helping foster transparent and secure financial commerce and banking. While its resolve has not changed, the latest malware attack does bring into question the need for respective financial institutions to fortify their security protocols and procedures.
In this instance, hackers managed to modify SWIFT’s client software, underscoring the latent vulnerabilities across such a globally diverse system. More specifically, the Bangladesh Bank attack managed to successfully manipulate SWIFT client software known as Alliance Access. This followed a previous attempt back in February in which cyber criminals tried to transfer upwards of $951 million from the Bangladeshi central bank’s account at the Federal Reserve Bank of New York.
Thankfully for the bank, the vast majority of the payments were blocked, not resulting in any material loss, however $81 million was still routed to accounts in the Philippines and diverted to casinos there, with much of the sum still missing. Alliance Access software is utilized by many institutions, though it represents just a fraction of the SWIFT messaging platform that is nearly 11,000 strong. Since then, SWIFT has released a statement saying that the malware has had no impact on the rest of its network or core messaging services.
The plausibility of future attacks and vulnerabilities is certainly a tangible concern for SWIFT moving forward though the onus ultimately lies with respective banks and institutions. Each day, global repositories collect millions of new samples a day from researchers, businesses, government agencies and members of the public who upload files to cross-reference if they are recognized as problematic in order to help thwart future attacks.
According to SWIFT spokesperson, Natasha Deteran, in a recent statement on the attack: “Whilst we keep all our interface products under continual review and recommend that other vendors do the same, the key defence against such attack scenarios is that users implement appropriate security measures in their local environments to safeguard their systems.”