Interbank co-operative Swift is facing an uphill battle to convince its membership of the urgency of upgrading security after revealing a further spate of hacks against users of the financial messaging network.
In a private letter to clients obtained by Reuters, Swift says that new cyber-theft attempts - some of them successful - have surfaced since June.
"Customers’ environments have been compromised, and subsequent attempts (were) made to send fraudulent payment instructions," according to a copy of the letter reviewed by Reuters. "The threat is persistent, adaptive and sophisticated - and it is here to stay."
The memo discloses that banks targeted varied in size and geography and used different methods for interfacing to the network, but all demonstrated failings in local lockup procedures.
Swift has been on a crusade to persuade members of the need to enforce and maintain strict security protocols following an $81 billion cyber-heist from the Bank of Bangladesh and similar attacks on other Asian banks.
The Brussels-based co-operative launched a major security programme in June with the aim of defining an operational and security baseline that banks must meet to protect the processing and handling of their Swift transactions. The company has engaged cyber-security specialists BAE Systems and Fox-IT and created a dedicated 'Forensics and Customer Security Intelligence Team' to help shore up its defences as it rolls out an information sharing and threat intelligence programme.
Swift has set a November 19 deadline for installing the latest version of its software - which includes stronger authentication and password management and better hack detection tools - and has warned banks that fail to measure up that it may share future security lapses more widely with banking regulators and correspondent banking partners.