Cyber attacks on the global banking system have continued – and succeeded – since February’s heist of $81 million from the Bangladesh central bank, underscoring the continuing vulnerability of the SWIFT messaging network, a SWIFT official told Reuters.
The network, which handles trillions of dollars in transfers daily, has warned banks of the escalating threat to their systems, according to a SWIFT letter obtained by Reuters.
“The threat is very persistent, adaptive and sophisticated – and it is here to stay,” SWIFT said last month in a letter to client banks, which has not been previously reported.
Client banks been have been hit with a “meaningful” number of attacks – about a fifth of them resulting in stolen funds, said Stephen Gilderdale, Head of SWIFT’s Customer Security Programme. Gilderdale’s comments are the first confirmation of new thefts involving the SWIFT network since the February heist.
The revelations provide fresh evidence that SWIFT remains at risk of copycat attacks nearly a year after the massive theft from a Bangladesh Bank account at the New York Fed. The unprecedented cyber heist prompted regulators around the globe to tighten bank security requirements.
SWIFT’S letter to customers warned that hackers have refined their methods for compromising local bank systems. One new tactic, the letter said, involved using software that allows technicians to access computers to provide technical support.
“We unfortunately continue to see cases in which some of our customers’ environments are being compromised” by thieves who then send fraudulent payment instructions through the SWIFT network – the same kind of messages used to steal Bangladesh Bank funds.
On Monday, a top investigator in Dhaka told Reuters that some Bangladesh central bank officials deliberately exposed its computer systems and enabled the theft. The comments by Mohammad Shah Alam of the Dhaka police are the first sign that investigators have got a firm lead in one of the world’s biggest cyber heists. Arrests are likely soon, he said.
SWIFT’s Gilderdale declined to provide further details about more recent attacks or to name victims or amounts stolen. Asked how many heists had been attempted, he said only that it was “a meaningful number of cases.”
The intrusions had been detected in a variety of ways, Gilderdale said. In some cases, anti-virus software had identified malware. In one case, a financial supervisory body had notified SWIFT of an attempted attack.
The additional attacks SWIFT disclosed to Reuters do not include others that have already come to light since the Bangladesh Bank heist.
Thieves stole $250,000 from Bangladesh’s Sonali bank in 2013. More than $12 million was stolen from Ecuador’s Banco del Austro in 2015. Vietnam’s Tien Phong Bank said in May that it foiled an attempt to steal money via SWIFT.