SWIFT aware of other fraudulent use
The SWIFT financial network acknowledged to its users yesterday that “a number of recent cyber incidents” have occurred in which hackers have sent “fraudulent messages” over its global financial messaging system, according to a Reuters exclusive report published online this morning.
The Reuters report cited a confidential alert from SWIFT to its customers in which SWIFT warned that it “is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions’ back-offices, PCs or workstations connected to their local interface to the SWIFT network.”
This acknowledgement—stunning, considering the wide use of SWIFT messaging and its longstanding reputation for the highest security standards—follows closely on news that the February cyber-heist of $81 million at the Bank of Bangladesh is now believed to have included a hack of the Alliance Access server software, which is part of the interface with the SWIFT messaging system.
SWIFT released a security update for Alliance Access and will require all users to install the update. Various authorities and investigators continue to probe how the Bank of Bangladesh hackers acquired internal credentials to access the bank’s SWIFT messaging system and how they manipulated the bank’s system to cover their tracks and slow the discovery of the transfers.
Human element central to software security
Like many of his colleagues in the industry, AML Partners’ CEO Frank Cummings has been following this story since it first broke. He said that the initial focus naturally is on possible breaches of the software and tech systems themselves, but that at some point he expects to see a focus on individual bank employees who themselves present a security risk.
“We get so focused on the power of the tech that we forget there are actual people with passwords and personal foibles that are central to all these systems,” Cummings said. “People can be susceptible to human engineering by hackers and fraudsters—whether it’s financial stresses, or work conflicts, or other more personal lures. Software security cannot easily repel those kinds of internal weak points. That is why good leadership, good management, and internal due diligence and vigilant risk mitigation are so important and need to be clearly emphasized in organizational culture.”
Behavioral Risk Mitigation for Vendors and Employees
AML Partners provides enterprise software tools that include screening of vendors and employees. To learn more about our software solutions for Behavioral Risk Mitigation, contact us today.