The SWIFT messaging system plans to ask banks to make sure they are following recommended security practices following an unprecedented cyber attack on Bangladesh's central bank that yielded $81 million, a spokeswoman for the group told on Sunday.
Brussels-based SWIFT, a cooperative owned by some 3,000 global financial institutions, will issue a written advisory on Monday asking banks to review internal security, the spokeswoman said.
SWIFT staff will also begin calling banks to highlight the importance of reviewing security measures after the attack in Bangladesh, she added. "Our priority at this time is to encourage customers to review and, where necessary, to reinforce their local operating environments," the spokeswoman added. Unknown hackers breached the computer systems of Bangladesh Bank and in early February attempted to steal $951 million from its account at the Federal Reserve Bank of New York, which it uses for international settlements. Some attempted transfers were blocked, but $81 million was transferred to accounts in the Philippines in one of the largest cyber heists in history.
SWIFT has so far said little about the attack, except that it was related to "an internal operational issue" at Bangladesh Bank and that there was no compromise in its core messaging system. SWIFT prepared a summary of previously issued recommendations for implementing security measures to thwart hackers, which advises members to pay close attention to best practices, the spokeswoman added.
While SWIFT can advise members to follow certain minimum security standards, there is no organization with regulatory oversight of how central banks and other financial institutions secure their networks, said independent security consultant Shane Shook. That means that security is not uniform among central banks, making some more vulnerable to cyber attacks, said Shook, who has helped investigate some of the biggest financial breaches.
A confidential interim report on the investigation, which forensics experts submitted to the bank on Wednesday, said that attackers took control of the bank's network, stole credentials for sending SWIFT messages and used "sophisticated" malicious software to attack the computers it uses to process and authorize transactions.
Investigators said in the report, which was reviewed by Reuters, that they expect to continue their investigation for another two weeks and believe the attackers have targeted other financial institutions. The report was prepared by FireEye Inc and World Informatix, which were hired by Bangladesh's central bank to investigate the massive theft.
The investigators did not identify other victims or name the hackers, but said that forensic evidence suggests they were also behind other recent cyber attacks on financial institutions. "FireEye has observed these same suspected FIN threat actors within other customer networks in the financial industry, where these threat actors appear to be financially motivated, and well organised," said an interim report sent to the bank last week.
Representatives of Bangladesh Bank and FireEye declined to comment on the confidential report and their probe into the Feb. 4 heist. World Informatix Chief Executive Rakesh Asthana told Reuters via email that he could not discuss the investigation, but that he expected Bangladesh Bank to issue a news release on Monday.
Details from the interim report were previously reported by Bloomberg News and Bangladesh's The Daily Star. The Daily Star also reported on Saturday that Bangladesh Bank linked its SWIFT operation with other technology operations belonging to the central bank in Dhaka and other cities in October 2015, citing an unnamed bank official. Prior to that, they were separate systems, the report said. Connecting those systems may have given the hackers a path to break into the bank's SWIFT platform, the article cited the official as saying.