Connect with us

Hi, what are you looking for?


Incident Response

SWIFT CEO Pushes Information Sharing, Improved Security

Threat Intelligence Sharing Moves Center Stage for SWIFT

Threat Intelligence Sharing Moves Center Stage for SWIFT

SWIFT CEO Gottfried Leibbrandt today revealed a five-point plan designed to harden SWIFT transactions following the $81 million theft via the Bangladesh central bank. Speaking at the 14th annual European Financial Services Conference in Brussels, Leibbrandt focused mostly most on the need for the global financial community to improve its threat intelligence sharing.

This comes as no surprise. A BAE Systems report on the incident indicates that it discovered indications of more than just the Bangladesh attack on SWIFT member banks. It mentioned a bank in Vietnam. It did not name the bank; however it did indicate that the attack took place several months before the attack against the Bangladesh bank. 

Soon after, Hanoi-based Tien Phong Bank (TPBank) released a statement saying that it had interrupted the attempted theft of approximately $1.1 million via fraudulent SWIFT messages.

If TPBank did not report the attack to its own State Bank of Vietnam (after all, it was a failed attack) then it may not have reported it to SWIFT. This leaves an open and purely hypothetical conjecture: if TPBank had shared the information with SWIFT, and if SWIFT had a sharing mechanism with the rest of the member community, could the Bangladesh theft have been prevented?

Whether this conjecture is valid or not, SWIFT is now moving to address the issue. Point one of the five point plan is to ‘drastically improve information sharing’. “We will demand more information of our customers,” said Liebbrandt, “and share that back with the community. The ambition is to do on an international scale what banks in several countries are already doing domestically. We will do it in a confidential way that uses the data while protecting the identity of the institution and customers.”

Not one of the other four points was given more than a single sentence. They are, to “harden security requirements for customer-managed software”; to “develop security audit frameworks for customers”; to “support banks’ increased use of payment pattern controls to identify suspicious behavior”; and to “introduce certification requirements for third party providers”.

Advertisement. Scroll to continue reading.

None of these intentions affects the SWIFT network itself. Indeed Liebbrandt stressed again (he has done so before) “SWIFT, our network, software and our core messaging services have not been compromised.”

“In Bangladesh and the other cases, the thieves compromised the IT environment and worked their way to the bank systems where the SWIFT instructions are generated and the confirmations received,” Liebbrandt said. “And while we (and other providers) give tools and software to our customers, our customers run these in their own environment and need to keep them secure. We cannot secure our customers’ environments and cannot assume responsibility for that.” 

Nevertheless, this five-point plan demonstrates that SWIFT has learned, albeit the hard way, that any network is only as strong as its weakest link. SWIFT is now taking steps to strengthen those weak links.

Related: Learn More at the 2016 CISO Forum, June 1-2, 2016

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.