The Menace of Fraud Committed on the SWIFT Messaging Network

By Mohammad Al-Kayed

SWIFT cyber-threats - Who, What, and Why

Back in 2016, one of the largest cyber-heists played out. The Bangladesh Bank’s IT system was hacked, and an attempt was made to illegally transfer almost USD $1 billion. The cyber-attack focused on exploiting the SWIFT messaging system, with the fraudsters sending out spoof payment messages across the SWIFT network. In the end, the hackers got away with around USD $101 million, the rest being blocked by the Federal Reserve Bank of New York.

The SWIFT network is huge, with 36.73 million messages daily, as of October 31, 2019. With this level of traffic, the verification of payment and due diligence across parties is highly complex. Anything that is this complex has the potential to be exploited. And cyber-criminals are nothing if not inventive. Hackers look for all means of entry to subvert a system. SWIFT’s vast payment messaging network is one such focal point.

EastNets recently published a survey, “How Banks are Combating Cyber Attacks on Their Payments”, that looks at the risk landscape that fraudsters can target within the SWIFT payment network. In this first in a series of articles, we explore the details of that survey, looking at the who, what, and why of payment-focused cyber-attacks.

Fraud Targeting SWIFT Payments

The EastNets survey was based on data from 200 banks in the U.S., Europe, UK, Asia-Pacific, Scandinavia, Gulf Cooperation Council countries (GCC), and Eastern Europe (including Russia). Ranging in organization size from USD $1 billion to $500 billion+, those surveyed included Chief Information Security Officers, Chief Risk Officers, and Chief Technology Officers; around 20% of respondents were heads of payments or their direct reports.

Collected in the summer of 2019, the data describes the experiences of the banks in terms of payment fraud and security from 2016 to the date of the survey. The EastNets findings offer an insight into the world of cyber-crime as applied to financial transactions across SWIFT payments.

Two-thirds of survey respondents told EastNets of increasing cyber-attacks that focused on SWIFT payments. The vast majority were hacking attacks, with over 80% of banks being targeted. One of the most worrying insights from the survey was that these threats, whilst overwhelming, were not being taken seriously. Here, we look at who the cyber-criminals are targeting, and the types of cyber-attacks being carried out.

EastNets Survey: Who, Where, Why

The details of the EastNets survey give a glimpse into the focus of the fraud carried out by exploiting SWIFT payments:

Size of bank:

Size matters, but only a little. In terms of cyber-attack occurrence, 88% of smaller banks (USD $1 billion-10 billion) saw increasing cyber-attacks over the period, whereas 60% of larger banks (USD $100 billion+) reported an increase in cyber-crime.


The EastNets survey demonstrated that cyber-criminals are cross-jurisdictional in their endeavor to commit payment fraud. EastNets researchers found that 60% of banks in the U.S. and between 81% and 85% of banks in Europe have been targeted by cyber-criminals attempting to exploit SWIFT payments. This figure reaches 90% in GCC countries and a staggering 100% in Asia-Pacific.

Who is carrying out the attacks?

The EastNets report discussed how seven hacking groups have been identified as being behind most of the SWIFT payment-focused attacks. It was also noted that the proceeds of successful payment fraud, around USD $2 billion, are likely funding North Korea’s weapons program.

Types of attacks

The majority of cyber-attacks on a financial institution’s SWIFT payments were cyber and external. However, of the 200 banks surveyed, 1 in 7 (14%) experienced an insider attack from an employee or contractor working at the bank. This number increased to 17% in Asia-Pacific. The implications of the insider element, whilst seemingly small in comparison to external attacks, cast a long shadow. As the report points out, an issue that may impede protective measures comes from:
“banking leaders who believe SWIFT fraud is never committed from within.”

Why Are SWIFT Payments at Risk?

As mentioned at the start of this article, the SWIFT payment network is massive. Hackers are also highly creative. In its publication “The Evolving Cyber Threat to the Banking Community”, SWIFT points out:
“adversaries are prepared to invest considerable time in planning and preparing for attacks.”
Advanced and persistent cyber-attacks are prevalent across all industries. However, the lure of large financial payouts, through SWIFT payment platform exploitation, is too much to resist, as is evidenced by the EastNets report findings. Payment messages are a honeypot to the cyber-criminal. The vast network of payments and the huge number of daily transactions create a behemoth of an attack surface. It is under these conditions that SWIFT payment messages become vulnerable. This is why extra vigilance is essential when using your SWIFT payment messaging protection.

The EastNets survey shows that attacks against the SWIFT payment network need to be taken seriously. In our next article in the series, we will start to look into SWIFT’s Customer Security Program (CSP). We will explore how this framework can be shored up by a process involving collaboration, detection, and response to reduce fraud that could potentially exploit SWIFT messaging systems.

Mohammad AlKayed - Senior Information Security Engineer | EastNets®

In his function as the Senior Information Security Engineer and head of the EastNets Security department, Mohammad is responsible for developing EastNets' security strategy, operations and services. He has complete oversight of the EastNets information security function, including EastNets assets globally. As the head of the security team, Mohammad is actively involved in the design and deployment of EastNets security solutions to meet EastNets' vision and quality standards and address EastNets customer needs. Mohammad has rich practical experience in security intelligence and operations, risk management, digital forensics, and incident response, as a result of leading major regional projects with telecommunication companies, governmental agencies, and financial institutions in the specialized area of cyber-security and information security.