- Threats haven’t subsided since Bangladesh $81 million heist
- Group says victims had ‘weaknesses in their local security’
Cyber-attacks that aim to fraudulently use banks’ connections to the Swift messaging system have continued over the past few months, showing that the threat hasn’t subsided after hackers used the global service in February to steal $81 million from Bangladesh’s central bank.
Many of the attacks have been thwarted, Swift said in a letter to customers dated Aug. 30, either by correspondents stopping suspicious messages or as a result of tightened customer security processes implemented with Swift’s help. But others have succeeded.
The affected banks “shared one thing in common; they have all had particular weaknesses in their local security,” Swift said in the letter. “These weaknesses have been identified and exploited by the attackers, enabling them to compromise the customers’ local environments and input the fraudulent messages.”
Natasha de Teran, a spokeswoman for Swift, declined to comment on whether any money was stolen in the latest attacks. The new attacks were reported earlier by Reuters.
Swift repeated in the letter that its core messaging service is secure and that the security of computers linked to the system is the responsibility of member banks. It also laid out specific priorities for how banks can protect their systems.
The group noted that customers must update their access software by mid-November and warned that if they failed to do so, it could inform regulators or bank counterparties.