If you are in the financial services community, you are likely well aware of and well acquainted with SWIFT and the services it performs. As a quick primer for the uninitiated, SWIFT is an acronym for the Society for Worldwide Interbank Financial Telecommunication, a cooperative built over forty years ago by banks and financial institutions globally to address a mutual problem: the need for a better, more secure, and automated way to communicate inter-bank payments across borders. SWIFT addressed this common issue, and today, it is a world-leading provider of secure messaging services for over 11,000 banks, financial organizations, and enterprises in over 200 countries.
While SWIFT is secure, there have been several high-profile cyber attacks that have leveraged the SWIFT platform to syphon funds from one bank to another, to hide the cyber-thieves’ tracks.
The most widely reported and infamous of the cyber attacks leveraging the SWIFT platform was in February 2016, when cyber-thieves attacked the central bank of Bangladesh via SWIFT, withdrawing and transferring $101 million from a Bangladesh Bank account at the Federal Reserve Bank of New York, then moving the stolen funds to accounts in Sri Lanka and the Philippines. The perps leveraged user credentials, either stolen or provided by an insider, to plant Dridex malware at the Bangladesh Bank to study how the bank transferred funds via SWIFT and to steal the critical SWIFT credentials.
There have been other attacks leveraging the SWIFT platform, including a cyber attack on a commercial bank in Vietnam similar to the Bangladesh Bank attack; a May 2016 cyber attack on the Banco del Austro in Ecuador for $12 million using forged SWIFT fund transfer requests; and an unnamed Ukrainian bank reportedly compromised via fraudulent SWIFT fund transfer instructions in early 2016. And, just last month (October 2017), cyber attackers used a phishing or spear-phishing attack to plant malware and steal SWIFT user credentials, then transferred $60 million from the Far Eastern International Bank in Taiwan via the SWIFT platform.
In addition to partnering with two organizations to create an incident response team to assist banks in investigating cyber attacks, particularly if the SWIFT platform was part of the attack, SWIFT also introduced new security best practices for its customer banks and financial organizations to adopt.
The SWIFT Security Controls Framework comprises three security objectives, eight security principles, and 27 security controls. The myriad objectives, principles, and controls cover every major security area, from Internet access to physical security, many for mandatory adoption, some simply as advice.
It’s now incumbent upon the thousands of banks, financial service institutions (FSIs), and even enterprises to deploy the mandatory and advisory SWIFT security controls.
But how will SWIFT FinServ clients address these requirements to better secure inter-bank transfers and messages?
Web browser isolation holds the key.
Isolation delivers the necessary protected, restricted, safe web access for bank and FSI employees with sensitive SWIFT network access, separate from the general network and external environment. Menlo Security’s Isolation Platform further protects these employees’ credentials from phishing and spear-phishing campaigns, and from credential-stealing malware. Isolation neutralizes the risk of web malware spread via watering-hole attacks, malvertising campaigns, and browser drive-by attacks via known and unknown vulnerabilities. There are no false positives or, worse, false negatives. Isolation is transparent, maintaining the user experience without the addition of client software or browser plug-ins, while working seamlessly with email clients and web browsers. Isolation further reduces the need to create, maintain, and manage web security policy exceptions. Deployment flexibility is also vital, and Menlo Security’s Isolation Platform is available in either the cloud or in a private data center, infinitely scalable and easily accessible.
For more information on the best practices for securing SWIFT deployments and meeting and adhering to the SWIFT Security Controls Framework, please download our white paper, “Securing SWIFT Deployments with Isolation”.