SWIFT bank network prone to 'cyber fraud' incidents

In light of the recent cybercriminal attack on the Bangladesh Bank, SWIFT has acknowledged that the scheme involved altering its software on the bank's computers to hide evidence of fraudulent transfers.

SWIFT, the global financial network that banks use to transfer billions of dollars every day, has warned its customers that it is aware of "a number of recent cyber incidents" where attackers had sent fraudulent messages over its system.

The disclosure comes as law enforcement authorities in Bangladesh and elsewhere continued to investigate the February cyber theft of AU$105.01 million from a Bangladesh Bank account at the New York Federal Reserve Bank.

An investigator into the incident, Mohammad Shah Alam, head of the Forensic Training Institute at the country's criminal investigations department, told Reuters that Bangladesh Bank was an easy target for cybercriminals as there was no firewall, and second-hand, cheap switches were used to connect computer systems to SWIFT.

Researchers investigating the heist reported last month that they believe the root cause was malware installed within the Bangladesh Bank's computer systems, which allowed cyberattackers to learn how to withdraw and take off with the money.

An internal report issued by the Bangladesh Bank said the Federal Reserve was negligent and that allowing the fake transactions to go through was a "major lapse". The report also said five out of 35 fraudulent payments were permitted, and entities in the Philippines and Sri Lanka received a portion of the stolen funds.

However, a spelling mistake made by the cybercriminals prevented an extra $20 million from being stolen.

The loss of the bank's funds prompted the resignation of former head of Bangladesh Bank Atiur Rahman, after the 64-year-old executive did not inform the Bangladeshi Finance Minister, A M A Muhith, who only learned about the incident through the global press.

SWIFT has acknowledged that the scheme involved altering SWIFT software on the bank's computers to hide evidence of fraudulent transfers.

"SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions' back-offices, PCs, or workstations connected to their local interface to the SWIFT network," the group warned customers.

The warning, which SWIFT issued in a confidential alert sent over its network on Monday, did not name any victims or disclose the value of any losses from the previously undisclosed attacks.

SWIFT confirmed to Reuters the authenticity of the notice.

Also on Monday, SWIFT released a security update to the software that banks use to access its network.

SWIFT issued that update to thwart malware that security researchers with British defence contractor BAE Systems said was probably used by hackers in the Bangladesh Bank heist.

BAE's evidence suggested that hackers manipulated SWIFT's Alliance Access server software, which banks use to interface with SWIFT's messaging platform, to cover their tracks.

BAE said it could not explain how the fraudulent orders were created and pushed through the system.

But SWIFT provided some evidence about how that happened in its note to customers, saying that in most cases the modus operandi was similar.

It said the attackers obtained valid credentials for operators authorised to create and approve SWIFT messages, then submitted fraudulent messages by impersonating those people.

SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, is a cooperative owned by 3,000 financial institutions. Its messaging platform is used by 11,000 banks and other institutions around the world and is considered a linchpin of the global financial system.

SWIFT told customers the security update must be installed by May 12.

In light of the breach, Aidan Tudehope, Macquarie Telecom managing director of hosting and government, issued a warning to businesses and government agencies to remain vigilant about their security measures, saying even the most secure are still vulnerable.

"It is crucial that the nation's managers take the time to read the strategy to understand where they can find this help, so we can bring focus and improvement to the weakest links in the cybersecurity chain," he said.

Last week, the Australian government released its AU$240 million cybersecurity package that will see government and businesses work together to defend Australia from foreign cyber attacks.

The government is set to spend AU$136 million on small business grants to boost security, increase the government's cybercrime intelligence and investigation capabilities, create a threat information-sharing portal, and be able to identify vulnerabilities in government systems; while another AU$6.7 million has been set aside for the Cyber Ambassador overseas advocacy.

Last year, Kaspersky researchers revealed $1 billion was stolen from banks worldwide over two years since 2013. The cybergang responsible was attacking banks, e-payment systems, and financial institutions using the Carbanak malware.

Once a system is infected, the Carbanak malware spreads across internal corporate networks and tracks down administrator computers before using covert video surveillance programs to capture and record the screens of staff dealing with cash transfer systems.

With this data, the cybercriminals were able to mimic staff members and transfer cash fraudulently. Online banking and international payment systems were also used to deposit stolen funds in Chinese and US accounts.

With AAP