The SWIFT breach continues: Should banks be concerned?

It seems with every passing day, hackers are finding new ways to exploit their targets, displaying advanced and malicious capabilities that can put any business at risk. Such was the case with the recent hacks of SWIFT, a financial messaging system used by banks across the globe. What made this incident so noteworthy – aside from the scale of the attack – was the victim’s almost unassailable reputation in the cybersecurity community. As The New York Times noted, SWIFT was once thought to be one of the most secure systems in the world.


Hackers attacked a secure financial messaging system, enabling them to target multiple banks in several breaches.

SWIFT attacked: Not the first time

According to CSO, a mass investigation has been launched into SWIFT after hackers attacked the network and successfully made off with $81 million in stolen funds from a Bangladesh bank earlier this year. As many as 12 banks could have been impacted by the cybercriminal activity involving SWIFT, including financial institutions in Southeast Asia, the Philippines and New Zealand.

After a second attack took place, SWIFT issued a warning to its users that this malicious activity could be part of a “wider and highly adaptive campaign targeting banks,” illustrating the seriousness with which these attacks are being treated.

What makes this attack unique is the approach cybercriminals leveraged in the theft. Details are still emerging – in fact, The New York Times reported that some banking experts worry that the SWIFT attacks may be untraceable. Despite this, investigators believe that the attackers remained within each attacked bank’s systems for several months before being discovered. There is also the potential that hackers were able to recruit bank employees in order to gain access to sensitive authentication credentials.

Even more worrisome is the fact that hackers carried out the attacks in a roundabout manner – in multiple cases, cybercriminals didn’t attack the SWIFT system itself, but instead the connections banks use to access the platform.

“The attackers clearly exhibit a deep and sophisticated knowledge of specific operation controls within the targeted banks – knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both,” SWIFT stated in its message warning customers.

A wider impact

While attacks on the SWIFT network already involve a number of banking institutions across the globe, the breaches are also having an impact on the financial industry at large.

“[T]hese attacks involving SWIFT stand out, because millions of dollars were stolen – not from a large number of customers, but from the banks themselves. It is as if the thieves used their hacking skills to reach inside a bank vault,” The New York Times contributor Michael Corkery wrote in May. “Emboldened and enriched, the thieves are likely to strike again.”

What’s more, security expert Paul Kocher noted that these attacks change the risk landscape for the banking industry, particularly since hackers will likely reinvest their stolen money to fund additional attacks. Because SWIFT is such a far-reaching system used by countless banks across the globe, and because each individual bank is responsible for securing its own connection, protection against these kinds of malicious attacks is now more critical than ever.

It’s critical that financial institutions utilize industry-leading protection tools and security best practices to help prevent their organizations from falling victim to malicious activity like this. In addition to ensuring that all security patches are in place – SWIFT did issue a security update to the banking software used to access the system – it’s also essential to leverage a robust, next-generation firewall solution to guard against any unauthorized users entering the network.

To find out more, contact Untangle today.