Menu

A new cyber report, released today by SWIFT – the leading provider of secure financial messaging services – provides new insights into the evolving nature of the cyber threats facing the global financial community. One of the key findings of the report by the Belgium-based organisation is that the exchange of relevant and timely cyber threat intelligence has proved critical in effectively detecting and preventing fraud.

The report, titled "Three years on from Bangladesh: Tackling the adversaries," was released three years after the cyber-attack on Bangladesh Bank, where hackers stole $81 million in 2016. Cybercriminals hacked into the bank's systems and sent fake messages via SWIFT's platform to the New York Federal Reserve Bank. Only about $15 million of the stolen funds has been recovered so far.

In a statement released by SWIFT, the financial messaging services company said the subsequent launch of its Customer Security Programme (CSP), the introduction of security-enhancing tools and an increase in the scope and quality of cyber threat intelligence sharing are paying off. A study conducted by SWIFT shows that closer industry collaboration resulted in quick identification of financial institutions targeted by cybercriminals – in most cases, before attackers were even able to generate fraudulent messages.
    
Key findings of the new report shows that the value of each individual attempted fraudulent transaction has decreased dramatically, from more than $10 million to between $250,000 and $2 million. Approximately 70 per cent of attempted thefts were USD-based, although usage of European currencies has increased. Also, four out of every five of all fraudulent transactions were issued to beneficiary accounts in South East Asia.

“SWIFT’s threat intelligence sharing has highlighted the changes to cyber criminals’ tactics, techniques and procedures used in attempted attacks, enabling industry participants to understand and respond to the increasingly sophisticated nature of cyber threats,” said Dries Watteyne, Head of Cyber Security Incident Response Team at SWIFT. “It is encouraging that detection rates of attempted attacks are increasing, but we need to be mindful that malicious actors adapt rapidly. The industry must continuously strengthen and diversify its defences, investigate incidents and share information.”
           
The report also reveals extended reconnaissance periods. This means that attackers continue to operate ‘silently’ for weeks or months after penetrating a target, learning behaviours and patterns before launching an attack. The timings of attacks are also shifting. Malicious actors previously favoured issuing fraudulent payments outside business hours to avoid detection. However, they have more recently changed their approach. They now act during business hours to blend in with legitimate traffic. SWIFT also said the vast majority of fraudulent transactions investigated over the past 15 months used payment corridors (combinations of target and beneficiary banks) that had not been used during the previous 24 months.
 
SWIFT, therefore, recommends the development and deployment of new defensive measures to help thwart cyber thieves. The financial messaging services company said an adherence to robust cyber security standards is also key to prevention and detection.

“These cases show how SWIFT solutions, including our Daily Validation Reports tool, our Payment Controls Service and the gpi Stop and Recall facility can all have real, positive impact,” Brett Lancaster, Head of Customer Security at SWIFT, said. “They also evidence the importance of implementing security controls and of understanding and mitigating against cyber risks presented by counterparties.”