The Society for Worldwide Interbank Financial Telecommunication (Swift) revealed Friday that their international money transfer platform had been successfully targeted by hackers again, although provided no further details other than it involved a “commercial bank.”

According to The Wall Street Journal, a notice by Swift said the new attack didn’t see its own system breached but that of the targeted bank, which allowed the hackers to send Swift transfer messages using the bank’s valid codes.

Like the attack on Bangladesh Bank in February, the attackers used malware to cover their tracks; in that case, hackers manipulated the Alliance Access server software which banks use to interface with Swift’s messaging platform, to gain access to the funds, and then to cover their tracks.

Once into the system, the malware removed integrity checks within the software and then watched transaction files waiting for payment orders and confirmations for specific terms; once a message meeting the criteria was found, the malware would then do a number of things, including increasing the amounts of payment orders, modifying confirmation messages from the SWIFT network itself, and then altering communications to show the original, correct transactions and deleting the actual transaction from the Alliance database.

This case is said to be somewhat different in that instead of recording live transactions, the deployed malware targeted a PDF reader that the bank used to confirm payments had been made.

Larger campaign

The notice from Swift advised banks that the second successful breach of the system is indicative of a large campaign, saying “Forensic experts believe this new discovery evidences that the malware used in the earlier reported customer incident was not a single occurrence, but part of a wider and highly adaptive campaign targeting banks.”

That in and of itself isn’t entirely new given that Swift admitted in April that there had been repeated attempts to break into its messaging system, but it would appear that the security measures (including software updates) it has put in place since that time have not been effective in stopping the bad actors behind these attacks.

Swift handles the majority of transfers between international banks, and on average handles 25 million messages each day; should the system be compromised the stakes are extremely high.

Image credit: Pixabay/ public domain