Potential SWIFT breaches are under investigation amid concerns that up to a dozen banks may have been hacked through fake SWIFT transfers, similar to the attack on the Bangladesh Central Bank earlier this year, Bloomberg reports.
After stealing $81 million from the Bangladesh Central Bank, hackers may have caused related breaches in Southeast Asia, including the Philippines and New Zealand.
SWIFT experts claim the malware was created to meddle with transaction software, compromise bank systems and steal credentials to send messages on the network.
“The malware is designed to hide the traces of fraudulent payments from customers’ local database applications and can only be installed on users’ local systems by attackers that have successfully identified and exploited weaknesses in their local security,” SWIFT said.
The Bangladesh Central Bank hack might not have been an isolated incident, said SWIFT CEO Gottfried Leibbrandt in a speech this week. As SWIFT links 11,000 financial institutions sending 25 million messages daily, US and UK banks urge the organization to boost its security program to avoid future cyber-attacks and fraud. Certification requirements will be introduced for vendors to help detect unusual activity, Leibbrandt added.
Security firm FireEye has been contacted to take over the investigation, given its previous experience with the Bangladesh Central Bank SWIFT hack, which targeted the Federal Reserve Bank of New York. The firm hasn’t made any comments thus far; however, its research report confirms macro malware is still effective. Various emails were sent “containing macro-enabled XLS files to employees working in the banking sector in the Middle East. The themes of the messages used in the attacks are related to IT Infrastructure such as a log of Server Status Report or a list of Cisco Iron Port Appliance details,” the company said.