SWIFT customer communication: Customer security issues
The notice is set out below: As we notified you in our earlier communications, we are aware of a small number of recent cases of fraud at customer firms. First and foremost we would like to reassure you again that the SWIFT network, core messaging services and software have not been compromised.
Forensic experts believe this new discovery evidences that the malware used in the earlier reported customer incident was not a single occurrence, but part of a wider and highly adaptive campaign targeting banks. The attackers have been able to bypass whatever primary risk controls the victims have in place, thereby being able to initiate the irrevocable funds transfer process.
The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks — knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both.
As a matter of urgency we remind all customers again to urgently review controls in their payments environments, to all their messaging, payments and ebanking channels.
This includes everything from employee checks to password protection to cyber defences. We recommend that customers consider third party assurance reviews and, where necessary, ask your correspondent banks and service bureaux to work with you on enhanced arrangements. We also urge all customers to be forthcoming when these issues occur so that the fraudsters can be tracked by the authorities, and SWIFT can inform the rest of the community about any findings that may have a bearing on wider security issues.
The security and integrity of our messaging services are not in question as a result of the incidents. We will continue with our security awareness campaign, bilaterally with users and through industry forums and other appropriate channels.
We will also continue working with our overseers, with law enforcement agencies, and third party experts, and we will continue to inform you of any further information that we believe can help you detect or avert such attacks. In the earlier case we reported to you, and this particular case, we can confirm that the modus operandi of the attackers is similar in both cases:
Attackers submit fraudulent messages by impersonating the operators from whom they stole the credentials. Attackers hide evidence by removing some of the traces of the fraudulent messages. In this new case we have now learnt that a piece of malware was used to target the PDF reader application used by the customer to read user generated PDF reports of payment confirmations.
Once installed on an infected local machine, the Trojan PDF reader gains an icon and file description that matches legitimate software. There is no evidence that the malware creates or injects new messages or alters the content of legitimate outgoing messages.
Customers that use PDF reader applications to check their confirmation messages should take particular care. Above all therefore your first priority should be to ensure that you have all preventative and detective measures in place to secure your environment.
This latest evidence adds further urgency to this work. Such measures are the best defence against such malware being installed on your local systems, and against fraudulent actions on your local infrastructure to connect to the SWIFT network. Please remember that as a SWIFT user you are responsible for the security of your own systems interfacing with the SWIFT network and your related environment — starting with basic password protection practices — in much the same way as you are responsible for your other security considerations.
Whilst we issue, and have recently reminded you about, security best practice recommendations, these are just a baseline and general advice. We will continue to update you on these issues as more information becomes available to us. We would ask you to ensure that these communications reach your security officers.
We provide our community with a platform for messaging and standards for communicating, and we offer products and services to facilitate access and integration, identification, analysis and financial crime compliance.
Our messaging platform, products and services connect more than 11, banking and securities organisations, market infrastructures and corporate customers in more than countries and territories, enabling them to communicate securely and exchange standardised financial messages in a reliable way. As their trusted provider, we facilitate global and local financial flows, support trade and commerce all around the world; we relentlessly pursue operational excellence and continually seek ways to lower costs, reduce risks and eliminate operational inefficiencies.
For more information, visit www. Brunswick Group LLP swift brunswickgroup.