Security Experts:

Connect with us

Hi, what are you looking for?



G7 Boost Banking Cybersecurity as New SWIFT Threat Emerges

The G7 group of leading economies laid out a new framework for battling the hacking of financial institutions Tuesday as a new threat using the SWIFT interbank network emerged.

The G7 group of leading economies laid out a new framework for battling the hacking of financial institutions Tuesday as a new threat using the SWIFT interbank network emerged.

Reacting to a rise in hacking incidents that have robbed banks of everything from client databases to hundreds of millions of dollars, the G7 group issued a set of principles for banks to implement cybersecurity programs.

“The recent incident involving the SWIFT network and other cyberattacks really underscore the imperative for robust cyber security throughout the global financial sector,” said US Treasury Deputy Secretary Sarah Bloom Raskin.

“These threats have not destabilized the financial sector but they threaten to destabilize it,” she said.

Raskin is co-chair of the Cyber Expert Group of the G7 — the United States, Canada, France, Germany, Italy, Japan, and the United Kingdom.

The two-page “Fundamental Elements of Cybersecurity” outlines the building blocks of an effective risk-based bank program to defend itself and the broader financial system from cyber threats.

The guidelines are aimed at public and private sector financial institution board members and top management to use for shaping and assessing their company’s cyber strategy.

The stunning theft earlier this year of $81 million from Bangladesh’s central bank drew attention to the vulnerabilities of financial sector institutions to cyber threats, especially those using the SWIFT worldwide network for interbank transfers.

After the Bangladesh heist, SWIFT said the incident was “not a single occurrence, but part of a wider and highly adaptive campaign targeting banks.”

That has elevated the alarm levels in the world’s leading finance ministers and central bank chiefs.

“The challenge with cyber security is that the threat vectors can be difficult to discern and are constantly morphing in search of financial sector vulnerabilities,” said Raskin.

That issue was underscored Tuesday when computer security group Symantec issued a warning over a new malware threat to financial organizations called “Odinaff“.

Odinaff has been deployed widely around the world since January 2016 in attacks that “appear to be extremely focused on organizations operating in the banking, securities, trading, and payroll sectors,” it said.

Symantec said the Odinaff attackers make use of some of the infrastructure used by some earlier attacks tapping the SWIFT network known as Carbanak. Yet another group, known as Lazarus, is believed behind the Bangladesh threat.

“These attacks require a large amount of hands on involvement” with “a heavy investment in the coordination, development, deployment, and operation” of the tools used to break into the targets’ systems, Symantec said.

Written By

AFP 2023

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.


Cybercriminals earned significantly less from ransomware attacks in 2022 compared to 2021 as victims are increasingly refusing to pay ransom demands.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.