Cyber-crooks have significantly upped their game in the last 18 months, developing sophisticated new tools and techniques to hack into bank systems, warns a new report from Swift.
Swift has been forced to reassess its cyber-security standards in the wake of the 2016 Bangladesh Bank hack, which saw thieves use its network to steal $81 million.
Last year the co-operative launched a Customer Security Programme and from January it will begin naming and shaming banking members who fail to measure up to a new set of core standards.
While Swift CEO Gottfried Leibbrandt used the recent Sibos conference to suggest that cyber-security has become a “manageable nuisance”, the group has now teamed up with BAE Systems on a report into the “significant evolution” of the threat.
“The adversaries have deployed increasingly sophisticated means of circumventing individual controls within users’ local environments and used ever more creative techniques to access users’ critical assets,” says Adrian Nish, head, threat intelligence. BAE Systems.
Crooks are gaining administrator rights for operating systems, manipulating software in memory, and tampering with legitimate functionality to bypass authentication, he says.
Karel De Kneef, director, security operations, Swift, says: “While the attackers’ sophistication is clearly on the rise, in all cases, they have relied on basic security weaknesses in the targeted customers’ perimeter and internal network security.
“The determination, patience and cunning the attackers are demonstrating makes it more imperative than ever that customers rapidly deploy and maintain all basic cyber hygiene tools and measures, comprehensively adhere to recommended security controls, and incorporate all the elements set out in Swift’s Customer Security Programme.”
Since the Bangladesh Bank hack, several other firms have had their systems breached. In the past month alone, reports have surfaced of separate attacks on Far Eastern International Bank and Nepal’s NIC Asia Bank. BAE has linked the former incident to North Korean hacking collective Lazarus, strongly suspected of being behind the Bangladesh Bank hit.