Posted by Robert Vamosi on April 26, 2016
SWIFT, the Society for Worldwide Interbank Financial Telecommunication, has issued a patch after identifying a vulnerability that may have lead to last month’s theft of theft of $81 million from a Bangladesh Bank account at the New York Federal Reserve Bank.
“SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions’ back-offices, PCs or workstations connected to their local interface to the SWIFT network,” the group warned customers on Monday in a notice seen by Reuters.
Apparently what was common in each of these cases was internal or external attackers started by compromising a banks’ own environments to obtain valid operator credentials to the SWIFT network. SWIFT uses a private network so it is important that member banks configure their accounts correctly. Apparently that was not done in at the Bangladesh Bank.
According to the Reuters News service, Bangladeshi police investigators stated that the bank lacked any firewalls and was using second-hand $10 switches on its network, which was not segmented or otherwise isolated from the SWIFT systems. SWIFT, in its note to customers, said the attackers obtained valid credentials for operators authorized to create and approve SWIFT messages, then submitted fraudulent messages by impersonating those people.
The letter informs SWIFT customers that the security update must be installed by May 12.
Get the latest AppSec news and trends sent directly to you.