Following the massive hack in the central bank of Bangladesh, which was made possible by vulnerabilities in SWIFT software, SWIFT has now admitted that this is not the first time the platform has been compromised.

SWIFT, which stands for Society for Worldwide Interbank Financial Telecommunication, is a cooperative of thousands of organizations. The SWIFT messaging platform handles the vast majority of international interbank messages, which tend to include vital financial information.

As such, it’s a key target for hackers and other cyber criminals. According to Data Breach Today, SWIFT has issued an alert to customers regarding repeated attempts to break into its messaging system. It has also released a software update, which should help customers find any evidence of a breach, and stressed the importance of installing the update.

The recent Bangladesh Bank breach, which saw $81 million stolen away, is but one of many hacking incidents. SWIFT explained that it “is aware of a number of cyber incidents in which malicious insiders or external hackers have managed to submit SWIFT messages,” which allowed them access to the banks’ communications. The particulars of which organizations have been hacked has not been revealed, but a spokesperson for SWIFT stated that “the commonality in what we have seen is that – internal or external – attackers have successfully compromised banks’ own environments and thereby obtained valid operator credentials with the authority to create, approve, and submit messages from those entities’ interfaces.”

Additionally, the particular tools the various hackers used have also not been disclosed. However, SWIFT is sure to reiterate that the Bangladesh breach occurred because the bank didn’t properly secure its IT environment.

This is bad news for banks that rely on SWIFT for messaging and communication, and may require taking some steps to better improve security, such as using isolated networks and locking down systems to prevent unapproved installations or modifications to software. Banks and SWIFT must take responsibility for their own security. For if they fail, well, then we get another Bangladesh.

Photo by GotCredit