Recently, two internationally operating banks faced severe malware attacks through their internal SWIFT messaging systems. Attacks through malicious software are nothing new, but the way criminals were able to gain access to the SWIFT network raises serious questions about cyber security. We asked INFORM’s cyber security expert Wiebe Fokma for his take on implementing measures to strengthen the systems' security.
In your opinion, how likely will European banks become victims of SWIFT attacks?
The likelihood that European banks will also be targeted by these types of fraudulent attacks is substantial. The method that has been used for making a SWIFT attack is nothing new. For the last two to three years, we have seen many attempts to infiltrate financial systems, some of them with success (see JP Morgan 2014). Until now, cyber criminals have primarily targeted other types of business, such as e-Commerce. Today hackers are focusing more on sophisticated malware technology to attack specific parts of the financial system.
How are cyber criminals succeeding in hacking banks in developed countries vs. banks in developing countries?
Detecting infiltrated computer systems is very difficult. Hackers are skilled people and they are constantly refining their tactics to make it even harder for system administrators to find malware inside a complex environment like a bank. This is especially true at larger institutions, like in Europe, where payment operations have been fully automated and optimized. The systems can become more vulnerable to these new types of targeted attacks.
SWIFT is expected to improve its security measures. How can banks protect themselves from hacks?
We would recommend a four-step approach in order to secure the banking environment against these targeted attacks.
- Intrusion Detection: The first step would be intrusion detection. Intrusion detection systems monitor the network and system activities for malicious activities or policy violations. It helps the bank to detect the first activities of unknown processes or software, and alert the system administrators if there are any intrusions within their infrastructure.
- Payment Integrity Monitoring: The second process to deploy would be payment integrity monitoring. By implementing this process, any unauthorized changes in a payment instruction or unauthorized insertion of a payment instruction into the system will be automatically flagged and stopped by the monitoring tool. This makes it virtually impossible to successfully conduct a fraudulent SWIFT attack like we have seen in recent months.
- Two-step Verification: Another way to improve the security of SWIFT payments would be to implement a two-step verification process in order to access the SWIFT account. This additional layer of security would require an extra verification code, which could be sent by either SMS or email. This extra verification, along with the user entering their username and password, would greatly help to decrease potential fraud. In addition, this same method could also be used to verify unusual transactions (e.g. newly used accounts), which we cover in our next security step: Behavioral Analytics.
- Behavioral Analytics: And finally, we would recommend the use of technology like machine learning and behavioral analytics. This technology will create a self-learning profile around the bank's SWIFT behavior. It can detect unusual transactions, for example a new beneficiary account or any other abnormal instructions in the payment details. Any unusual patterns in the daily SWIFT traffic could be easily detected and blocked before any funds would be wired out of the network.
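
An added example, not part of the interview and not INFORM's own code: one way to implement the payment integrity monitoring step described above, assuming each instruction is sealed with an HMAC when it is authorized and re-checked before release. The key, field names and sample payments are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key; assumed to be held by the monitor, not the payment host.
MONITOR_KEY = b"constructed-demo-key-not-for-production"
FIELDS = ("reference", "amount", "currency", "beneficiary_account", "beneficiary_bic")


def seal(instruction: dict) -> str:
    """HMAC-SHA256 over the instruction's fields in a fixed, unambiguous encoding."""
    mac = hmac.new(MONITOR_KEY, digestmod=hashlib.sha256)
    for name in FIELDS:
        value = str(instruction[name]).encode()
        # Length-prefix each field so "AB"+"C" and "A"+"BC" cannot collide.
        mac.update(len(value).to_bytes(4, "big") + value)
    return mac.hexdigest()


def check_outgoing(queue: list[dict], ledger: dict[str, str]) -> list[tuple[str, str]]:
    """Classify each queued instruction as ok, ALTERED or INSERTED before release."""
    results = []
    for p in queue:
        expected = ledger.get(p["reference"])
        if expected is None:
            verdict = "INSERTED"  # no seal on record: never authorized
        elif not hmac.compare_digest(expected, seal(p)):
            verdict = "ALTERED"   # fields changed after authorization
        else:
            verdict = "ok"
        results.append((p["reference"], verdict))
    return results


# Constructed sample data: two authorized payments, sealed at authorization time.
APPROVED = [
    {"reference": "PAY-001", "amount": "1500.00", "currency": "EUR",
     "beneficiary_account": "DE00-CONSTRUCTED-0001", "beneficiary_bic": "AAAADEFFXXX"},
    {"reference": "PAY-002", "amount": "980.50", "currency": "USD",
     "beneficiary_account": "US00-CONSTRUCTED-0002", "beneficiary_bic": "BBBBUS33XXX"},
]
LEDGER = {p["reference"]: seal(p) for p in APPROVED}
# Outgoing queue: one untouched, one with a swapped beneficiary, one never authorized.
QUEUE = [
    APPROVED[0],
    {**APPROVED[1], "beneficiary_account": "XX00-CONSTRUCTED-9999"},
    {"reference": "PAY-777", "amount": "250000.00", "currency": "USD",
     "beneficiary_account": "XX00-CONSTRUCTED-9999", "beneficiary_bic": "CCCCXXXXXXX"},
]
print(check_outgoing(QUEUE, LEDGER))
```

Anything not marked `ok` would be held for manual review instead of being released to the network.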
For more information about behavioral analytics, please watch our 2-minute video on multi-channel fraud prevention.