Hackers getting smarter in their attacks on global bank transfer system — Swift

London/Boston — Cyber hackers attacking the global bank transfer system have kept stealing funds since February’s heist of $81m from the Bangladesh central bank as their tactics become more sophisticated.

That’s according to an official of the Swift messaging network and a previously undisclosed letter it sent to banks worldwide on November 2.

Swift warned banks of threat to their systems rising. The attacks and new hacking tactics underscore the continuing vulnerability of the Swift messaging network, which handles trillions of dollars in fund transfers daily.

"The threat is very persistent, adaptive and sophisticated — and it is here to stay," Swift said in the letter to client banks, seen by Reuters.

The disclosures provide fresh evidence that Swift remains at risk of attacks nearly a year after funds were stolen from a Bangladesh Bank account at the Federal Reserve Bank of New York.

The unprecedented cyber theft prompted regulators around the globe to tighten bank-security requirements, amid a global investigation by the FBI, Bangladesh authorities and Interpol.

Customer security head at Swift Stephen Gilderdale said banks using the Swift network, including central and commercial banks, had been hit by a "meaningful" number of attacks, about a fifth of them resulting in stolen funds, since the Bangladesh heist.

Swift, a Belgium-based co-operative owned by user banks, previously disclosed hacks of three Swift users since February, but said funds were not lost.

In its letter, Swift warned customers that hackers have refined their methods for compromising local bank systems. One new tactic involved using software enabling technicians to access computers to provide technical support.

"We unfortunately continue to see cases in which some of our customers’ environments are being compromised" by thieves who then send fraudulent payment instructions through the Swift network, the same sort of messages used to steal Bangladesh Bank funds.

A top police investigator in Dhaka said on Monday Bangladesh central bank officials exposed its computer systems, facilitating the theft, but did not name them or say how many there were. Mohammad Shah Alam, head of criminal investigation at the Forensic Training Institute of the Bangladesh, said arrests were likely soon.

This is the first sign that investigators have a firm lead in one of the world’s biggest cyber heists. Bangladesh Bank spokesman Subhankar Saha declined to comment on Alam’s comments. A New York Fed spokeswoman also declined comment.

Information sharing

Gilderdale would not name victims of more recent attacks or say how much was stolen, but said the number of attempted heists was "meaningful".

"In all of these cases, attackers are suspected of trying to replicate the modus operandi of the Bangladesh attackers," he said.

Intrusions were detected in a variety of ways, Gilderdale said. In some cases, clients’ antivirus software identified malware. In others, a new feature on Swift software alerted Swift directly on attempted manipulation of a client’s system. In one case, a financial regulator told Swift about an attempted attack.

Gilderdale said that despite new thefts, Swift believed the system was becoming more secure.

"In 80% of the cases that we are aware of and where we have completed investigations, a fraud has not actually ended up taking place," he said. "I personally am very pleased with the progress that we are making."

Successful bank hackings were too rare to say whether an 80% success rate was good or bad, Ben Caudill, a cyber security consultant with Rhino Security Labs in Seattle, said.

In its letter, Swift said: "There are likely to be multiple groups of cyber attackers attempting to compromise customer environments. There has been an evolution in the modus operandi, signifying that attackers are further adapting their methods."

Gilderdale said it was impossible to say for sure if the rate of attacks was increasing because previously Swift did not track or get information from clients about incidents.

Swift said that in all cases, infiltration involved customers’ Swift interfaces and that its own central communications network had not been compromised.

The additional attacks Swift disclosed to Reuters excluded others that had already come to light since the Bangladesh Bank heist.

Thieves stole $250,000 from Bangladesh’s Sonali bank in 2013. More than $12m was stolen from Ecuador’s Banco del Austro in 2015. Vietnam’s Tien Phong Bank said in May that it foiled an attempt to steal money via Swift.

Reuters/Tom Bergin and Jim Finkle