
SWIFT Bolsters Threat Intelligence Sharing

SWIFT Engages BAE Systems and Fox-IT to Bolster Threat Intelligence Sharing


When news of a series of attacks against member banks using the SWIFT financial messaging network emerged earlier this year, it was clear that something had to be done.

At least two of these attacks were successful, with $81 million stolen from the Bangladesh central bank and $12 million stolen from Ecuador’s Banco del Austro. In each case attackers compromised ‘originating’ banks and were then able to generate ‘authentic’ instructions for reserve banks to transfer funds to accounts held by the attackers.

At no time was either the SWIFT network or any of the reserve banks compromised. Nevertheless, both have been blamed by the victim banks, and SWIFT is the common factor in all cases.

SWIFT responded quickly with a five-point plan to bolster the security of the system, with ‘improved threat intelligence sharing’ as the headline. How this was to be achieved was not explained at that stage.

However, SWIFT has now announced that it has engaged the services of BAE Systems and Fox-IT to “complement SWIFT’s in-house cyber security expertise and work closely with SWIFT’s newly formed Customer Security Intelligence team to support SWIFT’s customer information sharing initiative and to help strengthen cyber security across the global SWIFT community.”

The two cyber security firms will monitor the customer banks’ systems, merge any threat intelligence they gather with their own existing global threat intelligence, and provide forensic services if and when required. Where necessary, threat data will be shared through SWIFT with the wider SWIFT community. SWIFT itself will remain one step removed from the process.


SWIFT is in a difficult position. It is owned by its members. It cannot easily impose its own security preferences and standards on its owners. But perhaps more importantly, it cannot block any members whose security is deemed wanting. Doing nothing, however, is no longer an option.

Take the hypothetical case that BAE Systems and/or Fox-IT detect indicators of compromise on a customer bank’s networks: all SWIFT is able to do is inform the entire network of that threat. If the customer bank declines to remediate or solve the detected threat, SWIFT cannot (or at least certainly does not intend to) block that bank’s usage of the network.

However, it will share the BAE Systems and Fox-IT intelligence with every other bank on the network. It is then up to those banks to accept or reject any money transfer requests from the suspect bank — and it is likely that all requests will be rejected unless or until the originating bank can satisfactorily prove that the requests are valid and genuine.

This approach allows SWIFT to improve the security stance of the network, without actually getting involved in the security practices of its own members.


Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
