Application Security

New Product Uses Deception to Protect SWIFT-connected Banks

Following a series of high profile high value attacks against a number of banks using the SWIFT interbank financial messaging system, Illusive Networks has announced SWIFT Guard, described by the company as cyber deception technology designed to protect SWIFT-connected banks from cyber criminals.

Deception as a technique for locating hidden threats is already widely used by enterprises. The concept is very simple: false locations are established on the networks with exactly the same characteristics as the genuine locations. Any activity in or against these false locations is automatic evidence of an intruder trying to locate genuine credentials or genuine data – and remediation can be commenced against an unsuspecting culprit.

Its weakness is twofold: it depends upon the attacker being fooled by the deception, and it requires a degree of skilled resources to establish and maintain it. There is no guarantee that it will work; and where it doesn’t work, there is no indication that it has failed. 

One of the weaknesses of the SWIFT system is that many of its smaller member banks in smaller countries simply do not have the cyber resources of the primary western reserve banks. It is these smaller banks, such as those in Bangladesh and Ecuador, that have so far been hacked. They were compromised to allow the attackers to deliver apparently genuine instructions to the major reserve banks via the SWIFT network in order to siphon off large amounts of cash.

The purpose of Illusive Networks’ SWIFT Guard is to allow these smaller banks to install deception security ready-made.

SWIFT itself is going through a program of hardening security, primarily aimed at improving the security of its member banks. Two examples include trying to increase threat intelligence sharing between the different banks and the more recent announcement of its own Daily Validation Reports. One problem it has is that the member banks ‘own’ SWIFT — it is not the other way round. It is difficult, therefore, to arbitrarily impose security solutions upon the members.

It is also questionable how much the smaller banks are willing or able to spend on third-party security solutions. The hyperbolic description from Illusive Networks’ CEO Shlomo Touboul doesn’t help: “Deception based technology is the last chance to detect and mitigate sophisticated attacks aimed at the SWIFT system.” SWIFT Guard, like any other security solution, needs to be a part of multi-layered security.

Nevertheless, it could prove a valuable part of the security armory. It works by deploying agent-less deceptions on every endpoint of the network. Since there are far more deceptions than genuine credentials, it is statistically likely that attackers will attack a decoy — and in doing so they will be detected.

One strong advantage of deception technology is that there should be no false positives. If a decoy is accessed, it is either an attacker or an over-inquisitive insider. This should appeal to smaller organizations that don’t have the skilled resources necessary to detect anomalies in log data or to distinguish false positives from genuine threats in the alerts generated by threat detection systems.
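The two claims above, that an attacker who cannot tell decoys from genuine credentials is statistically likely to touch a decoy, and that any touch of a decoy is a high-confidence alert, can be made concrete with a small simulation. The following is an added example written for this article; it is not Illusive Networks' code and says nothing about how SWIFT Guard is implemented. The credential names, hostnames and the authentication events are constructed, and the `decoy_user_` prefix exists only for readability (a real deployment would make decoys indistinguishable from genuine accounts). The probability function also covers the caveat raised earlier in the piece: an attacker who happens to probe only genuine credentials is never seen, and the deception gives no sign that it has failed.

```python
from dataclasses import dataclass, field
from math import comb

# Constructed sample inventory for one endpoint: a few genuine accounts and
# many planted decoy credentials (hypothetical names, not product data).
GENUINE = frozenset({"svc_swift_gateway", "ops_admin"})
DECOYS = frozenset(f"decoy_user_{i:02d}" for i in range(18))

# Constructed authentication events, as a log collector might hand them over.
SAMPLE_EVENTS = [
    {"ts": "2016-09-01T08:00:01Z", "host": "ws-17", "user": "ops_admin", "result": "success"},
    {"ts": "2016-09-01T08:00:09Z", "host": "ws-17", "user": "svc_swift_gateway", "result": "success"},
    {"ts": "2016-09-01T03:14:22Z", "host": "ws-42", "user": "decoy_user_07", "result": "failure"},
    {"ts": "2016-09-01T03:14:23Z", "host": "ws-42", "user": "decoy_user_11", "result": "failure"},
]


@dataclass
class DecoyMonitor:
    """Raises an alert whenever a planted decoy credential is used.

    No legitimate process knows the decoy names, so there is nothing to
    baseline and no anomaly threshold to tune: a hit is an alert.
    """
    decoys: frozenset
    alerts: list = field(default_factory=list)

    def observe_auth(self, event: dict) -> bool:
        if event["user"] in self.decoys:
            self.alerts.append({
                "ts": event["ts"],
                "host": event["host"],
                "decoy": event["user"],
                # Success or failure is irrelevant: touching the decoy is the signal.
                "reason": "authentication attempt with planted decoy credential",
            })
            return True
        return False


def run_sample() -> list:
    """Feed the constructed events through the monitor and return the alerts."""
    monitor = DecoyMonitor(DECOYS)
    for event in SAMPLE_EVENTS:
        monitor.observe_auth(event)
    return monitor.alerts


def probability_decoy_hit(genuine: int, decoys: int, probes: int) -> float:
    """Probability that an attacker who tries `probes` distinct credentials,
    chosen without being able to distinguish decoys from genuine ones,
    touches at least one decoy and is therefore detected.

    The complement, comb(genuine, probes) / comb(total, probes), is the chance
    the attacker picks only genuine credentials and the deception silently fails.
    """
    total = genuine + decoys
    if not 0 < probes <= total:
        raise ValueError("probes must be between 1 and the number of credentials")
    if probes > genuine:
        return 1.0  # pigeonhole: more probes than genuine credentials exist
    return 1.0 - comb(genuine, probes) / comb(total, probes)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
    for k in (1, 2, 3):
        p = probability_decoy_hit(len(GENUINE), len(DECOYS), k)
        print(f"attacker probing {k} credential(s): P(detected) = {p:.4f}")
```

With 2 genuine and 18 decoy credentials, a single blind probe is caught 90% of the time and two probes 189 times out of 190; the remaining slice is exactly the silent-failure case the article warns about, which is why the ratio of decoys to genuine credentials, not the decoy count alone, is the number to watch when sizing a deployment.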

The reality is that SWIFT Guard could help SWIFT-connected banks, just as tailored deception security can help any organization. It could prove difficult, however, to persuade smaller banks to invest in this technology over and above traditional detect and prevent solutions. 

Illusive Networks’ own product announcement suggests, “Many SWIFT installations use older SWIFT versions that do not meet current SWIFT security standards, and are costly and difficult to update.” If this is true, the priority must surely be to update existing versions to current standards before purchasing additional third-party security.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
