Cyber-attacks Against SWIFT Ongoing, Sophisticated

Cyber-attacks against the SWIFT global banking network have continued throughout the year since the successful theft of $81 million from the Bangladesh central bank in February 2016. A letter seen by Reuters and dated Nov 2 warned member banks, “The threat is very persistent, adaptive and sophisticated — and it is here to stay.” 

Stephen Gilderdale, head of SWIFT’s Customer Security Programme, told Reuters, “In all of these cases attackers are suspected of trying to replicate the modus operandi of the Bangladesh attackers.” That modus operandi is to infiltrate SWIFT customer banks and forge letters of transfer to move funds from the larger reserve banks to the attackers’ control.

While the method of stealing funds remains the same, attackers have started using new methods of infiltrating the customer banks, possibly indicating new and different attackers. One new approach, highlighted by the letter, involves the use of “software that allows technicians to access computers to provide technical support.” How this software is installed, or whether it is a remote access trojan delivered maliciously or a remote administration tool delivered via social engineering, is not disclosed.

It is notable, however, that Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police’s criminal investigation department, said this week that some Bangladesh central bank officials deliberately exposed its computer systems and enabled the February theft. This appears to be a new development and confirms that cyber attackers will attempt to corrupt and use bank employees.

It also confirms FBI suspicions. The FBI, Interpol and the Bangladesh authorities have all been investigating the theft. In May it was reported that FBI investigators “have found evidence pointing to at least one bank employee acting as an accomplice.” According to Alam, arrests are likely soon.

Reuters is reluctant to provide details on the more recent attacks. No banks are named, although Gilderdale says that there have been “a meaningful number of cases.” He added, “In 80 percent of the cases that we are aware of and where we have completed investigations, a fraud has not actually ended up taking place.” The implication is that there have been a few successful attacks, although neither the banks nor the amounts have been publicly disclosed. 

Reuters notes, “The additional attacks SWIFT disclosed to Reuters do not include others that have already come to light since the Bangladesh Bank heist.” It then names attacks against Bangladesh’s Sonali Bank in 2013; Ecuador’s Banco del Austro in 2015; the failed attack against Vietnam’s Tien Phong Bank; and the $81 million theft from the Bangladesh central bank.

There have, however, been reports of other possibly linked thefts. In June, the English language Ukrainian news site Kyiv Post announced that cyber-attackers had stolen $10 million from an unnamed Ukrainian bank. “The Kyiv branch of ISACA, the Information Systems Audit and Control Association, reported this week that the theft had occurred via the SWIFT international banking system, the organization responsible for managing money transfers between financial institutions worldwide.”

Kyiv Post also said, “‘At the current moment, dozens of banks (mostly in Ukraine and Russia) have been compromised, from which has been stolen hundreds of millions of dollars,’ ISACA said in a release.” It should be noted, however, that this report has not been independently verified in western media; so it may or may not be related to the continuing attacks mentioned by SWIFT.

Throughout this year, SWIFT has been tightening its security procedures. The basic problem, however, remains the same. The organization links more than 11,000 institutions in more than 200 countries. It is a cooperative society operated from Belgium, but owned by its members. As with all systems, it is only as strong as its weakest link; and in this instance the weak links are the many thousands of smaller banks that do not have the same security resources as the big banks. Attackers seek to compromise the small banks and gain genuine SWIFT credentials. This allows them to instruct the bigger banks to transfer large amounts of money over the SWIFT network into their own accounts.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
