Banks urged to tighten security as hacks continue

“These weaknesses have been identified and exploited by the attackers, enabling them to compromise the [banks’] local”, networks and send fraudulent messages over the SWIFT messaging system, the organization said.

On Tuesday, the Society for Worldwide Interbank Financial Telecommunication, more commonly called SWIFT, notified customers of “ongoing attacks”.

Since SWIFT is only a software maker, it can not force any of the financial institutions to deploy better security on their networks.

Swift has been on a mission to get members to bolster security following a US$ 81 million (£62 million) cyber-heist from the Bank of Bangladesh and attacks on other Asian banks.

“The threat is persistent, adaptive and sophisticated – and it is here to stay”, Swift said.

But it seems at though SWIFT has detected a spike in attacks against the network since the online thieves came close to stealing almost a billion dollars from the account belonging to the Central Bank of Bangladesh earlier this year.

Numerous attacks have been thwarted, Swift said in a letter to customers dated August 30, either by correspondents stopping suspicious messages or as a result of tightened customer security processes implemented with Swift’s help.

“These, used in combination with stolen user credentials, pose a significant challenge to traditional security systems, which are no longer adequate to deal with the threat”, said Oerting.

The letter also did not identify specific victims, but said the banks varied in size and geography and used different methods for accessing SWIFT.

SWIFT did not say how many new attacks had been discovered. “Within the vulnerable protocol, there was no uniform way to consistently bolt-on a means to verify that the initiator of the transfer is truly that whom they say they are”, Sprickerhoff said. The bank even lacked a basic firewall and used second-hand electronic switches to network those computers. But it has been hard for SWIFT to force banks to comply because the nonprofit cooperative lacks regulatory authority over its members.

The Federal Reserve and other USA agencies told banks in June to review protections against fraudulent money transfers. “Until SWIFT and their customers figure out together a way to prevent these hacks, they will continue and faith in the global banking system will continue to suffer”.

Among other cases of fraudulent transfer requests are the theft of more than $12 million from Ecuador’s Banco del Austro and a failed attempt to steal money from Vietnam’s Tien Phong Bank.

Six U.S. senators on Monday urged the G20 nations to agree when they meet at a summit this weekend on a “coordinated strategy to combat cyber-crime at critical financial institutions”.