The SWIFT financial messaging service has acknowledged that several member banks were recently targeted by cyber attacks similar to February's attack on Bangladesh Bank that resulted in the theft of $81 million, Reuters reports.
"Customers' environments have been compromised, and subsequent attempts [were] made to send fraudulent payment instructions," SWIFT said in a private letter to clients. "The threat is persistent, adaptive and sophisticated -- and it is here to stay."
In response, SWIFT urged clients to comply with new security procedures, noting that hackers appear to be specifically targeting banks with lax security. The letter informed banks that they may be reported to regulators and banking partners if they fail to update to the latest version of its software by November 19.
Bloomberg reports that as many as 12 banks may have suffered breaches, and that SWIFT CEO Gottfried Liebbrandt said in a speech this week that this issue "gets to the heart of banking."https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
"Banks that are compromised like this can be put out of business," Liebbrandt said.
Still, Balabit product manager Istvan Szabo told eSecurity Planet that complying with SWIFT's improved security procedures and update requirements still might not be enough to protect banks if attackers have already gained access to privileged accounts. "As the account they've used for such actions might already possess the highest level of privileges, the bad actors can often do whatever they want and cover up their tracks with ease," he said.
"To counter such a dangerous yet hard-to-notice threat, a solution that's capable of seeing the unseen is required," Szabo added. "The better method is for participating organizations to monitor their privileged users, build user specific profiles and apply behavior analytics on top of that. Profiles can be obtained from mouse movements, keystroke habits, command usage regularity, users IP / port and protocol in a transparent way if using a proxy based monitoring technology. The habits of every individual user are unique indicators and impossible to copy."
Lieberman Software vice president of product strategy Jonathan Sander said it's also crucial for banks to review how they the bar for doing business with partners. "The executives in any business are very good at seeing the revenue potential of new business partners, and tend to see putting in revues and provisions for starting those partnerships as bad ideas that decrease how nimble they are," he said. "But if the new partner is using $10 routers and no firewalls to run critical IT systems that you will now be directly dependent upon, wouldn’t you want to know that before signing any contracts?"
"Basic cybersecurity practices will soon become as common sense to businesses partnerships as basic insurance coverage is today," Sander added.
A recent eSecurity Planet article looked at five best practices for reducing third-party security risks.