A new report from SWIFT reveals the evolution of the increasingly sophisticated threats facing the global financial community
Cyber attackers are varying and adapting their methods and practises, according to a new SWIFT report, ‘Three Years on from Bangladesh: tackling the adversaries’, based on investigations conducted over the last 15 months.
Key findings from the report show:
- Four out of every five of all fraudulent transactions were issued to Beneficiary accounts in East and South East Asia
- Approximately 70 per cent of attempted thefts were USD-based – but usage of European currencies increased
- The value of each individual attempted fraudulent transaction decreased dramatically – from more than USD$10m to between USD$250,000 and USD$2m
The value of closer industry collaboration
The report evidences how efforts to promote robust cyber security standards, such as through SWIFT’s Customer Security Programme (CSP), the introduction of security-enhancing tools and an increase in the scope and quality of cyber threat intelligence sharing, are paying off.
It also shows how closer industry collaboration resulted in the quick identification of financial institutions targeted by cyber criminals – in most cases, before attackers were even able to generate fraudulent messages. In particular, the exchange of relevant and timely cyber threat intelligence has proved critical in effectively detecting and preventing attacks.
We need to be mindful that malicious actors adapt rapidly. The industry must continuously strengthen and diversify its defences, investigate incidents and share information.
Dries Watteyne, Head of Cyber Security Incident Response Team, SWIFT
An evolving matrix of threats
The report features an in-depth look at how cyber attackers are adjusting their methods to avoid detection.
For example, attackers have continued ‘silently’ operating for prolonged periods of reconnaissance to discover more about a target. After initially penetrating its defences, attackers then study behaviours and patterns for weeks, or even months, to learn more about their target’s vulnerability.
Malicious actors have also previously favoured issuing fraudulent payments outside business hours to avoid detection, but have more recently turned this approach on its head, acting during business hours to blend in with legitimate traffic.
Additionally, more fraudulent transactions are increasingly arriving from new payment corridors. In fact, the vast majority of fraudulent transactions investigated over the past 15 months used payment corridors (combinations of target and beneficiary banks) that had not been used during the previous 24 months.
Brett Lancaster, Head of Customer Security, said: “These cases show how SWIFT solutions including our Daily Validation Reports tool, our Payment Controls Service and the gpi stop and recall facility can all have real, positive impact. They also evidence the importance of implementing security controls and of understanding and mitigating against cyber risks presented by counterparties.”
Looking ahead: Key recommendations
A number of recommendations are laid out in the report to ensure the global financial community understands the nature of the changing threat it faces from cyber attacks:
- Development of new defensive measures: the development and deployment of security-enhancing innovations will help thwart cyber thieves.
- Increase of information sharing: the more information the community shares and the frequency with which it shares, the better chance of avoiding or fending off an attack.
- Adherence to robust cyber security standards: ensuring strict adherence to strong standards and implementing controls is key to prevention and detection.
- Consumption of counterparty cyber security data: users should incorporate the assessment of counterparties’ attestation data against SWIFT’s Customer Security Controls Framework into their risk management and business decision-making processes.
SWIFT ISAC Report
- Financial Crime Compliance