Interbank co-operative Swift has confirmed that it has experienced a number of recent instances of hackers compromising network interface devices at client banks to send fraudulent payment messages over the global banking network.
The confirmation that the recent $81 million heist at Bangladesh Bank was not an isolated incident emerged in a security alert sent by Swift to member banks worldwide and seen by Reuters.
The notice reads: "Swift is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit Swift messages from financial institutions' back-offices, PCs or workstations connected to their local interface to the Swift network."
Yesterday, researchers at BAE Systems claimed that after gaining administrative rights at Bangladesh Bank, the hackers installed a piece of malware named evtdiag.exe which masked the $81 million in fraudulent transactions pushed through Swift's Alliance Access interface device.
The malware not only buried the fraudulent transactions but also intercepted Swift confirmation codes sent for printing and replaced the bogus transactional data with innocuous doctored copies of the messages.
In its warning to member banks, Swift said the attackers obtained valid credentials for operators authorised to create and approve Swift messages, then submitted fraudulent messages by impersonating those people.
The alert was accompanied by a software patch to block the malware used in the assault on Bangladesh Bank.
Swift spokeswoman Natasha Deteran told Reuters that the commonality in these cases was that internal or external attackers compromised the banks’ own environments to obtain valid operator credentials.
"Customers should do their utmost to protect against this," she said in an email to Reuters.