UPDATED 06:09 EST / MAY 13 2016

Swift money transfer network successfully attacked by malware for a second time

The Society for Worldwide Interbank Financial Telecommunication (Swift) revealed Friday that its international money transfer platform had been successfully targeted by hackers again, although it provided no further details other than that the attack involved a “commercial bank.”

According to The Wall Street Journal, a notice by Swift said the new attack did not breach Swift’s own system but that of the targeted bank, which allowed the hackers to send Swift transfer messages using the bank’s valid codes.

Like the attack on Bangladesh Bank in February, the attackers used malware to cover their tracks. In the Bangladesh case, hackers manipulated the Alliance Access server software, which banks use to interface with Swift’s messaging platform, both to gain access to the funds and to hide what they had done.

Once in the system, the malware removed integrity checks within the software and then watched transaction files, waiting for payment orders and confirmations containing specific terms. Once a message meeting the criteria was found, the malware would do a number of things, including increasing the amounts of payment orders, modifying confirmation messages from the Swift network itself, altering communications to show the original, correct transactions, and deleting the actual transaction from the Alliance database.

This case is said to be somewhat different in that instead of recording live transactions, the deployed malware targeted a PDF reader that the bank used to confirm payments had been made.

Larger campaign

The notice from Swift advised banks that the second successful breach of the system is indicative of a large campaign, saying “Forensic experts believe this new discovery evidences that the malware used in the earlier reported customer incident was not a single occurrence, but part of a wider and highly adaptive campaign targeting banks.”

That in and of itself isn’t entirely new given that Swift admitted in April that there had been repeated attempts to break into its messaging system, but it would appear that the security measures (including software updates) it has put in place since that time have not been effective in stopping the bad actors behind these attacks.

Swift handles the majority of transfers between international banks, averaging 25 million messages each day; should the system be compromised, the stakes are extremely high.
