SWIFT, the global financial network that banks use to transfer billions of dollars every day, warned its customers that it was aware of “a number of recent cyber incidents” where attackers had sent fraudulent messages over its system.
The disclosure came as law enforcement authorities in Bangladesh and elsewhere investigated the February cyber theft of US$81 million from the Bangladesh central bank account at the New York Federal Reserve Bank.
SWIFT has acknowledged that the scheme involved altering SWIFT software on Bangladesh Bank’s computers to hide evidence of fraudulent transfers, Reuters reports.
Monday’s statement from SWIFT marked the first acknowledgement that the Bangladesh Bank attack was not an isolated incident but one of several recent criminal schemes that aimed to take advantage of the global messaging platform used by some 11,000 financial institutions, the news agency said.
“SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions’ back-offices, PCs or workstations connected to their local interface to the SWIFT network,” the group warned customers on Monday in a notice seen by Reuters.
SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, is a cooperative owned by 3,000 financial institutions.
The warning, which SWIFT issued in a confidential alert sent over its network, did not name any victims or disclose the value of any losses from the previously undisclosed attacks.
SWIFT confirmed to Reuters the authenticity of the notice.
Also on Monday, SWIFT released a security update to the software that banks use to access its network to thwart malware that security researchers with British defense contractor BAE Systems said was probably used by hackers in the Bangladesh Bank heist.
BAE’s evidence suggested that hackers manipulated SWIFT’s Alliance Access server software, which banks use to interface with SWIFT’s messaging platform, to cover their tracks.
– Contact us at [email protected]