Cyber attacks targeting the global bank transfer system have succeeded in stealing funds since February’s heist of US$81 million from the Bangladesh central bank, as hackers become more sophisticated in their tactics.
A previously undisclosed letter SWIFT sent to banks worldwide on November 2 warns them of the escalating threat to their systems. The attacks and new hacking tactics underscore the continuing vulnerability of the SWIFT messaging network, which handles trillions of dollars in fund transfers daily.
"The threat is very persistent, adaptive and sophisticated – and it is here to stay," SWIFT said in the November letter to client banks.
The disclosures provide fresh evidence that SWIFT remains at risk of attacks nearly a year after funds were stolen from a Bangladesh Bank account at the Federal Reserve Bank of New York.
The unprecedented cyber theft prompted regulators around the globe to tighten bank security requirements, amidst a global investigation by the FBI, Bangladesh authorities and Interpol.
Banks using the SWIFT network, which include both central banks and commercial banks, have been hit with a "meaningful" number of attacks since the Bangladesh heist, about a fifth of them resulting in stolen funds, Stephen Gilderdale, head of SWIFT’s customer security program, said.
SWIFT, a Belgium-based co-operative owned by its user banks, had previously disclosed hacks of three SWIFT users since February but said those did not lead to the loss of funds.
SWIFT's letter to customers warned that hackers have refined their methods for compromising local bank systems. One new tactic, the letter said, involved using remote software that allows technicians to access computers to provide technical support.
"We unfortunately continue to see cases in which some of our customers’ environments are being compromised" by thieves who then send fraudulent payment instructions through the SWIFT network - the same kind of messages used to steal Bangladesh Bank funds, the letter stated.
On Monday, a top police investigator in Dhaka revealed that some Bangladesh central bank officials deliberately exposed its computer systems and enabled the theft.
SWIFT's Gilderdale declined to provide further details about more recent attacks or to name victims or amounts stolen. Asked how many heists had been attempted, he said only that it was "a meaningful number of cases".
“In all of these cases attackers are suspected of trying to replicate the modus operandi of the Bangladesh attackers,” he said.
The intrusions had been detected in a variety of ways, Gilderdale said. In some cases, clients' antivirus software had identified malware.
In others, a new feature on software SWIFT provides to clients alerted SWIFT directly to an attempted manipulation of a client's system. In one case, a financial regulator had notified SWIFT of an attempted attack.
Gilderdale said that, despite the new thefts, SWIFT believed the system was becoming more secure.
"In 80 percent of the cases that we are aware of and where we have completed investigations, a fraud has not actually ended up taking place," he said.
SWIFT said in its letter to clients that cyber threats were evolving.
"There are likely to be multiple groups of cyber attackers attempting to compromise customer environments," it said.
"There has been an evolution in the modus operandi, signifying that attackers are further adapting their methods."
Gilderdale said it was impossible to say for sure whether the rate of attacks was increasing because previously SWIFT did not track or receive information from clients about incidents.
SWIFT said that in all cases, the infiltrations involved customers’ SWIFT interfaces and that its own central communications network had not been compromised.
The additional attacks SWIFT disclosed do not include others that have already come to light since the Bangladesh Bank heist.
Thieves stole US$250,000 from Bangladesh's Sonali bank in 2013. More than US$12 million was stolen from Ecuador's Banco del Austro in 2015. Vietnam's Tien Phong Bank said in May that it foiled an attempt to steal money via SWIFT.