Swift warns of second new malware threat
Swift has warned its customers about newly identified malware found at a “commercial bank”, which it has declined to identify.
This latest development follows yesterday’s (12 May) news that Swift rejected the allegations made by Bangladesh Bank and Bangladesh Police’s Criminal Investigation Department (CID) officials about the first cyber fraud scandal in February.
Details of the second attack — which Swift says occurred in the last few months — hint at another “highly sophisticated threat”.
Swift hasn’t revealed how much money was stolen from the bank, but says it “was not located in Bangladesh”. Swift says there is no impact on its network, core messaging services or software.
In a letter today (13 May) to its users, Swift says it has “learnt more about a second instance in which malware was used – again directed at banks’ secondary controls, but which in this instance targets a PDF Reader used by the customer to check its statement messages”.
It adds: “Forensic experts believe this new discovery evidences that the malware used in the earlier reported customer incident was not a single occurrence, but part of a wider and highly adaptive campaign targeting banks.
“In both instances, the attackers have exploited vulnerabilities in banks’ funds transfer initiation environments, prior to messages being sent over Swift.”
The attackers have been able to bypass primary risk controls, and so start the “irrevocable” funds transfer process. They have also found ways to tamper with the statements and confirmations that banks would sometimes use as secondary controls, thereby delaying the victims’ ability to recognise the fraud.
Swift says: “The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks – knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both.”
Swift asks its customers to “urgently” review controls in their payments environments, covering all their messaging, payments and ebanking channels.
Banking Technology will provide more updates as and when they happen.