BAE Systems has been recruited to help SWIFT's newly formed Customer Service Intelligence team in a bid to get ahead of cyber-criminals targeting banks connected to the global financial messaging service.
The announcement follows the analysis and identification of malware that BAE Systems’ threat intelligence team was able to link to an attack on Bangladesh Bank in February 2016. Hackers stole $81m from an account held in New York by Bangladesh's central bank after lifting the financial institutions authorisation codes. Malware analysis by both BAE Systems and Symantec linked the crooks behind the Bangladesh account raid to the hackers who ransacked Sony Pictures Entertainment's systems back in 2014.
The same hacker group is also suspected in the theft of $12m from an Ecuadoran bank, Banco del Austro SA and $10m from a Ukrainian bank as well as a string of thwarted assaults worldwide against Tien Phong Bank in Vietnam, an unnamed bank in the Philipines and others.
These cyber-heists relied on hackers using malware to infect bank terminals and obtain login credentials for the SWIFT messaging system, allowing crooks to send fraudulent transfer orders. SWIFT's network and infrastructure were not affected.
In response to the heightened security risk, SWIFT said it will "expand" its use of two-factor authentication as well as mandating “baseline” security standards as well as improving information sharing. The newly formed Customer Security Intelligence team will "complement SWIFT’s in-house cyber security experts, and support SWIFT’s customer information sharing initiative to strengthen cyber security across the global community." Cyber forensics experts at Fox-IT as well as threat intel experts BAE Systems have been sworn in as deputies to the programme.
The initiative will assist SWIFT’s community by undertaking forensic investigations on customer compromises related to SWIFT products and services, complementing the affected customers’ own investigations. It will also provide related intelligence back to the wider SWIFT community in anonymised form to help prevent frauds in customers’ environments.
SWIFT (Society for Worldwide Interbank Financial Telecom) recently announced it would consider suspending banks with weaker cyber defences until they improve their security.
SWIFT CTO, Craig Young, explained: “Customer intelligence, including intelligence related to attacks that have ultimately failed, is crucial to helping us continue protecting our community. Information we have already received from impacted banks has allowed us to identify new malware and to publish related indicators of compromise (IoCs) which are helping to protect the wider community. An important dependency of this initiative is SWIFT’s timely receipt of information from affected customers. We therefore continue to remind customers that they are obliged to inform SWIFT of such incidents as soon as possible, and to proactively share all relevant information with us so we can assist all SWIFT users.” ®