As if the USD 81 million heist from Bangladesh Bank earlier this year wasn't enough, it has now been revealed that criminals have launched several further attacks on the SWIFT global financial messaging system, some of them successful.
According to a letter that SWIFT sent to its clients and member organizations, all of the victims shared weaknesses in their local network security that criminals were able to exploit. SWIFT did not elaborate on what those weaknesses were, but we do know that the original attack exploited flaws in Bangladesh Bank's own infrastructure: second-hand routers put into service and left with their default passwords, and, at some sites, no network firewalls at all. The heist only came to light because of a typo in one of the transfer requests, which prompted Deutsche Bank to raise a query about a fraudulent transaction.
These are fundamental information security errors and omissions, and yet they are being made by large and even governmental organizations with a huge amount to lose. They show how even the most basic building blocks of network security, firewalls and properly controlled user access protected by strong passwords, become the attacker's point of entry when they are not implemented properly. As the chief executive of SWIFT himself said in a speech, some of the things the banks need to do are 'the equivalent of basic hygiene'.
Little surprise, then, that SWIFT is encouraging its members to update to the latest version of its software, which verifies the credentials of individual users and enforces stronger password management, as soon as possible. As reported by The Register, SWIFT has also decided to roll out two-factor authentication across its payment systems. This greatly reduces the risk posed by default or weak passwords, because a single guessed or stolen password is no longer enough on its own to gain access, and it relieves individual users of being the sole line of defence. It works by adding a second, time-sensitive or single-use verification step after the password check: a code that is only valid for a short window, or for one login, cannot be reused by someone who has captured it. In huge ecosystems like the SWIFT payment system, where thousands of users are all being relied upon to follow good password practice, this is particularly valuable. Two-factor authentication does not, on its own, stop malware that is already running on an authenticated terminal, which is why the network-level controls discussed further on still matter. This is also why Clavister has recently introduced its own MFA solution, designed specifically to secure our VPN tunnel and web interfaces.
However easy the criminals' initial routes into the banks' networks were, once they had that access their actions were stealthy and sophisticated. In the Bangladesh Bank heist, for example, malware was planted on the bank's SWIFT terminals with the aim of creating fraudulent transactions and siphoning the money off to the criminals. When analysed, the malware was found to have been written from scratch to target the SWIFT messaging system and the networks it operates across. The criminals clearly had detailed knowledge of their target environment and its processes.
The multiple attacks on the global SWIFT network therefore underline the importance not only of basic information security practice, but also of more sophisticated measures such as network segmentation, whereby systems that handle sensitive functions, the SWIFT terminals among them, are placed in their own network zones, with firewalls and security appliances controlling which traffic may cross between zones. Each SWIFT attack has been a complex, multi-stage chain of techniques, and defeating such a chain demands correspondingly layered security.
It is a timely reminder for any organization that operates or is connected to complex global networks: security really is only as strong as the weakest link in the chain. The larger the network, the larger the attack surface, so it is essential to shrink the number of vulnerable points that can be exploited, as swiftly as possible.