
New Product Uses Deception to Protect SWIFT-connected Banks

Following a series of high profile high value attacks against a number of banks using the SWIFT interbank financial messaging system, Illusive Networks has announced SWIFT Guard, described by the company as cyber deception technology designed to protect SWIFT-connected banks from cyber criminals.

Deception as a technique for locating hidden threats is already widely used by enterprises. The concept is simple: decoys (false locations, credentials or data) are planted on the network with exactly the same characteristics as the genuine ones. Because no legitimate process ever touches a decoy, any activity in or against one is automatic evidence of an intruder trying to locate genuine credentials or genuine data, and remediation can begin against a culprit who does not yet know they have been spotted.

Its weakness is twofold: it depends upon the attacker being fooled by the deception, and it requires a degree of skilled resources to establish and maintain it. There is no guarantee that it will work; and where it doesn't work, there is no indication that it has failed.

One of the weaknesses of the SWIFT system is that many of its smaller member banks in smaller countries simply do not have the cyber resources of the primary western reserve banks. It is these smaller banks, such as those in Bangladesh and Ecuador, that have so far been hacked. They were compromised so that the attackers could deliver apparently genuine instructions to the major reserve banks via the SWIFT network in order to syphon off large amounts of cash.

The purpose of Illusive Networks’ SWIFT Guard is to allow these smaller banks to install deception security ready-made.

SWIFT itself is going through a program of hardening security, primarily aimed at improving the security of its member banks. Two examples include trying to increase threat intelligence sharing between the different banks and the more recent announcement of its own Daily Validation Reports. One problem it has is that the member banks ‘own’ SWIFT — it is not the other way round. It is difficult, therefore, to arbitrarily impose security solutions upon the members.

It is also questionable how much the smaller banks are willing or able to spend on third-party security solutions. The hyperbolic description from Illusive Networks' CEO Shlomo Touboul doesn't help: "Deception based technology is the last chance to detect and mitigate sophisticated attacks aimed at the SWIFT system." SWIFT Guard, like any other security solution, needs to be one part of a multi-layered security architecture.

Nevertheless, it could prove a valuable part of the security armory. It works by deploying agent-less deceptions on every endpoint of the network. Since there are far more deceptions than genuine credentials, it is statistically likely that attackers will attack a decoy — and in doing so they will be detected.

One strong advantage of deception technology is that there should be no false positives. If a decoy is accessed, it is either an attacker or an over-inquisitive insider. This should appeal to smaller organizations that don’t have the skilled resources necessary to detect anomalies in log data or to distinguish false positives from genuine threats in the alerts generated by threat detection systems.
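The two mechanisms described above, decoy credentials that no legitimate process should ever reference and the "far more decoys than genuine credentials" argument, can be made concrete in code. This is an added illustration, not Illusive Networks' product code; the decoy account names, the log format and the logon lines are all constructed for the example.

```python
import re
from math import comb

# Constructed decoy (honey) accounts planted on endpoints. Any reference to
# one of these, successful or not, is an alert: nothing legitimate uses them.
DECOY_ACCOUNTS = {"svc_swift_backup", "swift_ops_admin2", "db_reconcile"}

# Constructed logon records in a simple key=value format (not a real product log).
SAMPLE_LOG = """\
2016-09-21T08:01:12Z host=WS-112 user=alice event=logon result=success
2016-09-21T08:03:44Z host=WS-112 user=svc_swift_backup event=logon result=failure
2016-09-21T08:03:47Z host=SRV-ALLIANCE user=bob event=logon result=success
2016-09-21T08:05:02Z host=SRV-ALLIANCE user=swift_ops_admin2 event=logon result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"event=(?P<event>\S+) result=(?P<result>\S+)$"
)


def decoy_alerts(log_text: str, decoys: set[str]) -> list[dict]:
    """Return one alert per logon line that touches a decoy account.

    The result field is deliberately ignored: a failed logon with a decoy
    name still means someone harvested and tried a credential that only
    exists as bait, which is exactly the zero-false-positive signal.
    """
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["user"] in decoys:
            alerts.append({"ts": m["ts"], "host": m["host"],
                           "user": m["user"], "result": m["result"]})
    return alerts


def p_detect(genuine: int, decoys: int, attempts: int) -> float:
    """Probability that an attacker who tries `attempts` distinct credentials,
    chosen blindly from the pool of genuine + decoy ones, touches at least
    one decoy. 1 - C(genuine, k) / C(genuine + decoys, k)."""
    if attempts > genuine:          # more tries than real credentials exist
        return 1.0
    return 1 - comb(genuine, attempts) / comb(genuine + decoys, attempts)


if __name__ == "__main__":
    for a in decoy_alerts(SAMPLE_LOG, DECOY_ACCOUNTS):
        print("DECOY HIT", a)
    print("p(detect) with 10 genuine, 90 decoys, 3 tries:", p_detect(10, 90, 3))
```

With 90 decoys for every 10 genuine credentials, even a single blind credential use is caught 90% of the time, which is the statistical argument the article makes; the weakness it also notes still applies, since an attacker who recognises the decoys as bait never appears in this log at all.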

The reality is that SWIFT Guard could help SWIFT-connected banks, just as tailored deception security can help any organization. It could prove difficult, however, to persuade smaller banks to invest in this technology over and above traditional detect-and-prevent solutions.

Illusive Networks’ own product announcement suggests, “Many SWIFT installations use older SWIFT versions that do not meet current SWIFT security standards, and are costly and difficult to update.” If this is true, the priority must surely be to update existing versions to current standards before purchasing additional third-party security.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
