24 September 2017
Find out more

Swift confirms multiple cases of fraudulent message traffic

26 April 2016  |  7697 views  |  2 Swift logo 3d

Interbank co-operative Swift has confirmed that it has experienced a number of recent instances of hackers compromising network interface devices at client banks to send fraudulent payment messages over the global banking network.

The confirmation that the recent $81 million heist at Bangladesh Bank was not an isolated incident emerged in a security alert sent by Swift to member banks worldwide and seen by Reuters.

The notice reads: "Swift is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit Swift messages from financial institutions' back-offices, PCs or workstations connected to their local interface to the Swift network."

Yesterday, researchers at BAE Systems claimed that after gaining administrative rights at Bangladesh Bank, the hackers installed a piece of malware named evtdiag.exe which masked the $81 million in fraudulent transactions pushed through Swift's Alliance Access interface device.

The malware not only buried the fraudulent transactions but also intercepted Swift confirmation codes sent for printing and replaced the bogus transactional data with innocuous doctored copies of the messages.

In its warning to member banks, Swift said the attackers obtained valid credentials for operators authorised to create and approve Swift messages, then submitted fraudulent messages by impersonating those people.

The alert was accompanied by a software patch to block the malware used in the assault on Bangladesh Bank.

Swift spokeswoman Natasha Deteran told Reuters that the commonality in these cases was that internal or external attackers compromised the banks’ own environments to obtain valid operator credentials.

"Customers should do their utmost to protect against this," she said in an email to Reuters.

Comments: (2)

Saurabha Sahu
Saurabha Sahu - Mindtree - Bangalore | 26 April, 2016, 15:19

Financials are the backbone of any organization. Maintaing security on and over the network is a vital part. Need to think, how we can make our financial eco system more robust from hacking as well as safe from the malacious virus? May be the new market enterant of Blockchain concept is an answer to this solution. 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Chetan Ghadge
Chetan Ghadge - Wipro - Pune | 27 April, 2016, 04:48

Just giving some hollywood touch .

All these stories about software vulnerabilites and hacks reminds me of quote from the movie "Minoirty Report"

**************************************************************

John Anderton : Why don't you cut the cute act, Danny boy, and tell me exactly what it is you're looking for?

Danny Witwer:  Flaws.

John Anderton : There hasn't been a murder in 6 years. There's nothing wrong with the system, it is perfect.

Danny Witwer: Perfect , I agree . But if there is a flaw it's human. It always is !!!!

***************************************************************

Do i need to say anymore :)

 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Swift warns banks of malware threat

Swift warns banks of malware threat

25 April 2016  |  9590 views  |  0 comments | 16 tweets | 12 linkedin
No firewall and $10 routers blamed in Bangladesh Bank heist

No firewall and $10 routers blamed in Bangladesh Bank heist

22 April 2016  |  20048 views  |  2 comments | 20 tweets | 18 linkedin
Bangladesh Bank considers lawsuit against NY Fed over $81m hack

Bangladesh Bank considers lawsuit against NY Fed over $81m hack

23 March 2016  |  6404 views  |  0 comments | 2 tweets | 3 linkedin
Bangladesh bank governor quits as investigators follow money trail

Bangladesh bank governor quits as investigators follow money trail

15 March 2016  |  6679 views  |  0 comments | 6 tweets | 3 linkedin
Poor spelling thwarts Bangladesh Bank hackers

Poor spelling thwarts Bangladesh Bank hackers

10 March 2016  |  9457 views  |  1 comments | 17 tweets | 12 linkedin
Was Bangladesh Bank's account with the New York Fed hacked?

Was Bangladesh Bank's account with the New York Fed hacked?

08 March 2016  |  5301 views  |  0 comments | 3 tweets | 3 linkedin

Related company news

 

Related blogs

Create a blog about this story (membership required)
download the paper nowvisit www.sibos.comvisit www.capgemini.com

Top topics

Most viewed Most shared
HSBC switches on selfie payments in ChinaHSBC switches on selfie payments in China
13444 views comments | 28 tweets | 44 linkedin
AXA launches blockchain to cover late flight compensationAXA launches blockchain to cover late flig...
9888 views comments | 13 tweets | 28 linkedin
Apple P2P payments service nears launchApple P2P payments service nears launch
8609 views comments | 19 tweets | 27 linkedin
SBI Ripple Asia advances on South KoreaSBI Ripple Asia advances on South Korea
8416 views comments | 16 tweets | 1 linkedin
European Commission makes fintech a priority in supervisory shakeupEuropean Commission makes fintech a priori...
8158 views comments | 32 tweets | 45 linkedin

Featured job

Competitive
New York, NY - USA (some flexibility on location)

Find your next job