SWIFT, the global financial network that banks use to transfer billions of dollars every day, has warned its customers that it is aware of “a number of recent cyber incidents” where attackers had sent fraudulent messages over its system.
The disclosure comes as law enforcement authorities in Bangladesh and elsewhere continued to investigate the February cyber theft of $US81 million ($A105.01 million) from a Bangladesh Bank account at the New York Federal Reserve Bank. SWIFT has acknowledged that the scheme involved altering SWIFT software on the bank’s computers to hide evidence of fraudulent transfers.
“SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions’ back-offices, PCs or workstations connected to their local interface to the SWIFT network,” the group warned customers on Monday.
The warning, which SWIFT issued in a confidential alert sent over its network on Monday, did not name any victims or disclose the value of any losses from the previously undisclosed attacks.
SWIFT confirmed to Reuters the authenticity of the notice.
Also on Monday, SWIFT released a security update to the software that banks use to access its network.
SWIFT issued that update to thwart malware that security researchers with British defence contractor BAE Systems said was probably used by hackers in the Bangladesh Bank heist.
BAE’s evidence suggested that hackers manipulated SWIFT’s Alliance Access server software, which banks use to interface with SWIFT’s messaging platform, to cover their tracks.
BAE said it could not explain how the fraudulent orders were created and pushed through the system.
But SWIFT provided some evidence about how that happened in its note to customers, saying that in most cases the modus operandi was similar.
It said the attackers obtained valid credentials for operators authorised to create and approve SWIFT messages, then submitted fraudulent messages by impersonating those people.
SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, is a co-operative owned by 3000 financial institutions. Its messaging platform is used by 11,000 banks and other institutions around the world and is considered a linchpin of the global financial system.
SWIFT told customers that the security update must be installed by May 12.