
Big Jackpot: Why hackers attack the SWIFT financial transfer system



The SWIFT system is used daily for money transfers and settlements in the billions of dollars by thousands of financial organizations around the world. At the end of April 2016, the organization warned customers about the growing number of hacker attacks, during which attackers managed to send malicious messages through the system.

The Reuters news agency discussed with experts the possible consequences of such cyber threats, and we bring to your attention the main points of this article.

Attack on the Central Bank of Bangladesh


One of the most notorious cybercrimes involving a major theft of money occurred in February of this year. The hackers managed to withdraw $81 million from the Central Bank of Bangladesh: four tranches passed through the Federal Reserve Bank (FRB) of New York to accounts in the Philippines and Sri Lanka. The fifth transfer attempt was blocked by Federal Reserve Bank employees who became suspicious.

According to media reports, representatives of the Central Bank of Bangladesh believe that part of the responsibility for the hack lies with the FRB of New York and with the SWIFT system itself, a vulnerability in which could have made the cybercriminals' task easier. The fact that the tranches transferred from the Central Bank of Bangladesh accounts were confirmed within the SWIFT system in accordance with standard authentication protocols indirectly indicates that the attackers could have gained access to the system.

In early May 2016, SWIFT representatives stated that vulnerabilities in the system could not have been the cause of the theft. However, a couple of weeks before that, the system's customers received an alert reporting the increasing frequency of cyber attacks on it.

SWIFT has information about a number of recent cyber incidents in which external hackers or malicious insiders managed to send SWIFT messages using systems, computers and workstations of financial organizations connected to the SWIFT network using a local interface.

Who else is at risk


The warning did not name the victims of these cyber attacks or mention the financial losses they could have led to. At the same time, the organization released a security update for the software that banks use to access the SWIFT network - some security researchers believe that a vulnerability in this software could have led to the theft of money from the Central Bank of Bangladesh.

This opinion is shared, for example, by employees of the British security company BAE Systems, whose representatives told Reuters that the hackers could have manipulated the access server of the SWIFT message system to cover their tracks. However, the researchers could not explain exactly how the attackers managed to create and send fake messages through the system.

SWIFT's own notice sheds some light on how the hack may have been carried out. It says that all recorded cyber attacks followed the same scenario. The attackers managed to obtain "valid" access credentials of operators who have the rights to create and manage SWIFT messages. Fake messages were then sent on behalf of these employees of financial institutions.

According to the research company FireEye, whose Mandiant division was hired to investigate the attack on the Central Bank of Bangladesh, the same group of hackers might have attacked other financial organizations.

What attacks on financial institutions can lead to


Hacking the SWIFT system can result in unprecedented theft. Not only bank transfers made through SWIFT are at risk, but also brokerage firms, investment funds and stock exchanges connected to the system.

In addition, attacks on financial institutions can lead not only to ordinary theft, but also open up opportunities for various kinds of manipulation. For example, not so long ago we wrote about the banking trojan Corkow, which attacked the systems of one of the Russian banks. As a result, non-market orders to buy currency on the Moscow Stock Exchange were placed on the bank's behalf, totaling more than $500 million. This caused sharp jumps in the ruble exchange rate for 15 minutes, and the bank eventually lost 244 million rubles.

Outlook


Independent banking systems security consultant Shane Shook, who investigates major financial crimes, believes that hackers will continue to attempt to hack SWIFT and other financial data sharing platforms. The main reason, according to the expert, is that such attacks make it possible to steal a lot of money at once - the possible payoff is much higher than in attacks on the accounts of ordinary citizens or small companies.

Justin Harvey, a director of the firm Fidelis Cybersecurity, agrees with Shook - according to the expert, hackers will continue their attempts to launch attacks like the theft from the Central Bank of Bangladesh.

What to do


FireEye experts strongly recommend that all financial institutions connected to SWIFT pay close attention to the increasing number of hacking attempts and take measures to strengthen their own security - for example, by conducting independent security audits more often.

SWIFT official representative Natasha de Teran agrees with the experts. According to her, despite constant updates of the SWIFT system, “the key defense against such attacks is the implementation of appropriate protective measures on the side of the user organizations”.

Financial companies also develop various means of protection on their own. These can address not only the consequences of hacks, but also ordinary errors in IT systems. For example, errors in the operation of stock exchange systems can lead to incorrect display of trade data or incorrect calculation of the collateral required to hold a position (an error can even lead to a premature closing of the transaction).

In order to minimize possible damage, brokerage companies are developing various systems to protect customers. How this protection is implemented in the ITinvest MatriX trading system can be found here.

Source: https://habr.com/ru/post/283382/

