New Product Uses Deception to Protect SWIFT-connected Banks

Following a series of high-profile, high-value attacks against a number of banks using the SWIFT interbank financial messaging system, Illusive Networks has announced SWIFT Guard, described by the company as cyber deception technology designed to protect SWIFT-connected banks from cyber criminals.

Deception as a technique for locating hidden threats is already widely used by enterprises. The concept is very simple: false locations are established on the networks with exactly the same characteristics as the genuine locations. Any activity in or against these false locations is automatic evidence of an intruder trying to locate genuine credentials or genuine data – and remediation can be commenced against an unsuspecting culprit.

Its weakness is twofold: it depends upon the attacker being fooled by the deception, and it requires a degree of skilled resources to establish and maintain it. There is no guarantee that it will work; and where it doesn’t work, there is no indication that it has failed. 

One of the weaknesses of the SWIFT system is that many of its smaller banks in smaller countries simply do not have the cyber resources of the primary western reserve banks. It is these smaller banks, such as those in Bangladesh and Ecuador, that have so far been hacked. They have been compromised to allow the hacker to deliver apparently genuine instructions to the major reserve banks via the SWIFT network in order to syphon off large amounts of cash.

The purpose of Illusive Networks’ SWIFT Guard is to allow these smaller banks to install deception security ready-made.

SWIFT itself is going through a program of hardening security, primarily aimed at improving the security of its member banks. Two examples include trying to increase threat intelligence sharing between the different banks and the more recent announcement of its own Daily Validation Reports. One problem it has is that the member banks ‘own’ SWIFT — it is not the other way round. It is difficult, therefore, to arbitrarily impose security solutions upon the members.

It is also questionable how much the smaller banks are willing or able to spend on third-party security solutions. The hyperbolic description of Illusive Networks’ CEO Shlomo Touboul doesn’t help: “Deception based technology is the last chance to detect and mitigate sophisticated attacks aimed at the SWIFT system.” SWIFT Guard, like any other security solution, needs to be part of multi-layered security.

Nevertheless, it could prove a valuable part of the security armory. It works by deploying agent-less deceptions on every endpoint of the network. Since there are far more deceptions than genuine credentials, it is statistically likely that attackers will attack a decoy — and in doing so they will be detected.

One strong advantage of deception technology is that there should be no false positives. If a decoy is accessed, it is either an attacker or an over-inquisitive insider. This should appeal to smaller organizations that don’t have the skilled resources necessary to detect anomalies in log data or to distinguish false positives from genuine threats in the alerts generated by threat detection systems.
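
The two claims above, that decoys outnumbering genuine credentials make a decoy hit statistically likely and that any decoy access is itself the alert, can be sketched in Python. This is an added illustration, not code from the article or from Illusive Networks; the account names, hosts and log events are constructed, and the probability model assumes the intruder cannot tell decoys from genuine credentials and picks uniformly at random.

```python
from math import comb

# Constructed decoy account names planted on endpoints (hypothetical).
DECOYS = {"svc_swift_bkp", "swift_ops_admin", "alliance_gw2"}

# Constructed authentication events: (timestamp, source host, account, outcome).
EVENTS = [
    ("T08:02:11", "ws-114", "jdoe", "success"),
    ("T08:40:52", "ws-207", "swift_ops_admin", "failure"),
    ("T08:41:07", "ws-207", "svc_swift_bkp", "failure"),
    ("T09:15:30", "ws-031", "asmith", "failure"),  # mistyped password, not a decoy
]


def p_decoy_hit(genuine, decoys, tries):
    """Probability that at least one of `tries` distinct credentials, drawn
    uniformly at random from genuine + decoys, is a decoy (hypergeometric).
    Assumes the decoys are indistinguishable from the genuine entries."""
    total = genuine + decoys
    if not 0 <= tries <= total:
        raise ValueError("tries must be between 0 and genuine + decoys")
    # comb(genuine, tries) is 0 once tries exceeds the genuine count,
    # so the result becomes 1.0: a decoy must have been touched.
    return 1 - comb(genuine, tries) / comb(total, tries)


def decoy_alerts(events, decoys=DECOYS):
    """Return every event that uses a decoy account. No threshold or baseline
    is needed: no legitimate process has a reason to use these accounts,
    so success or failure of the attempt is irrelevant."""
    return [e for e in events if e[2] in decoys]


if __name__ == "__main__":
    for tries in (1, 2, 3):
        print(f"2 genuine, 18 decoys, {tries} tries: "
              f"{p_decoy_hit(2, 18, tries):.3f}")
    for ts, host, account, outcome in decoy_alerts(EVENTS):
        print(f"ALERT {ts} {host} used decoy account {account} ({outcome})")
```

The ordinary failed login from `ws-031` produces no alert, while both decoy attempts from `ws-207` do. The model's probability drops if an intruder can distinguish decoys, which is the first weakness the article describes.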

The reality is that SWIFT Guard could help SWIFT-connected banks, just as tailored deception security can help any organization. It could prove difficult, however, to persuade smaller banks to invest in this technology over and above traditional detect-and-prevent solutions.

Illusive Networks’ own product announcement suggests, “Many SWIFT installations use older SWIFT versions that do not meet current SWIFT security standards, and are costly and difficult to update.” If this is true, the priority must surely be to update existing versions to current standards before purchasing additional third-party security.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
