Swift confirms multiple cases of fraudulent message traffic

Interbank co-operative Swift has confirmed that it has experienced a number of recent instances of hackers compromising network interface devices at client banks to send fraudulent payment messages over the global banking network.

2 comments

Swift confirms multiple cases of fraudulent message traffic

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The confirmation that the recent $81 million heist at Bangladesh Bank was not an isolated incident emerged in a security alert sent by Swift to member banks worldwide and seen by Reuters.

The notice reads: "Swift is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit Swift messages from financial institutions' back-offices, PCs or workstations connected to their local interface to the Swift network."

Yesterday, researchers at BAE Systems claimed that after gaining administrative rights at Bangladesh Bank, the hackers installed a piece of malware named evtdiag.exe which masked the $81 million in fraudulent transactions pushed through Swift's Alliance Access interface device.

The malware not only buried the fraudulent transactions but also intercepted Swift confirmation codes sent for printing and replaced the bogus transactional data with innocuous doctored copies of the messages.

In its warning to member banks, Swift said the attackers obtained valid credentials for operators authorised to create and approve Swift messages, then submitted fraudulent messages by impersonating those people.

The alert was accompanied by a software patch to block the malware used in the assault on Bangladesh Bank.

Swift spokeswoman Natasha Deteran told Reuters that the commonality in these cases was that internal or external attackers compromised the banks’ own environments to obtain valid operator credentials.

"Customers should do their utmost to protect against this," she said in an email to Reuters.

Sponsored [Webinar] Real Time Goes Global: Expanding Revenue Potential Beyond Borders

Comments: (2)

Saurabha Sahu Senior Solution Consultant at Wipro Limited

Financials are the backbone of any organization. Maintaing security on and over the network is a vital part. Need to think, how we can make our financial eco system more robust from hacking as well as safe from the malacious virus? May be the new market enterant of Blockchain concept is an answer to this solution. 

Chetan Ghadge Head of Payments solutions at Wipro

Just giving some hollywood touch .

All these stories about software vulnerabilites and hacks reminds me of quote from the movie "Minoirty Report"

**************************************************************

John Anderton : Why don't you cut the cute act, Danny boy, and tell me exactly what it is you're looking for?

Danny Witwer:  Flaws.

John Anderton : There hasn't been a murder in 6 years. There's nothing wrong with the system, it is perfect.

Danny Witwer: Perfect , I agree . But if there is a flaw it's human. It always is !!!!

***************************************************************

Do i need to say anymore :)

 

[Webinar] Banks and Credit Unions: How to Establish the Core Banking BlueprintFinextra Promoted[Webinar] Banks and Credit Unions: How to Establish the Core Banking Blueprint