US Bank Regulators Tighten Cyber-Security Efforts Around SWIFT - InformationWeek
IoT
IoT
Government
News
8/26/2016
08:06 AM
50%
50%
RELATED EVENTS
Faster, More Effective Response With Threat Intelligence & Orchestration Playboo
Aug 31, 2017
Finding ways to increase speed, accuracy, and efficiency when responding to threats should be the ...Read More>>

US Bank Regulators Tighten Cyber-Security Efforts Around SWIFT

Following the theft of millions of dollars from Bangladesh Bank via the international financial messaging system SWIFT, US banking regulators have outlined steps to tighten cyber-security at the nation's banks.

8 Steps To Building A Successful Cyber-Security Career
8 Steps To Building A Successful Cyber-Security Career
(Click image for larger view and slideshow.)

US banking regulators issued a joint letter outlining ways they would tighten cyber-security around the nation's banks that interact with the international financial messaging system SWIFT.

The letter, according to The Wall Street Journal, was sent Wednesday to Rep. Carolyn Maloney (D-NY), who serves on the House Financial Services Committee and who raised questions regarding the massive $81 million cyberheist from Bangladesh Bank in February.

That attack apparently built on similar attacks against a bank in Ecuador in January last year and a Vietnam commercial bank in December, which also communicated with SWIFT, noted The Journal.     

SWIFT, the Society for Worldwide Interbank Financial Telecommunication, does not reportedly have the vulnerability itself in its system, but rather cyber-criminals have been exploiting vulnerabilities found in the way banks initiate their funds transfer process with SWIFT.


(Image: Ivan Bliznetsov/iStockphoto)

(Image: Ivan Bliznetsov/iStockphoto)

The letter, according to The Journal, was signed by the Federal Reserve, the Federal Deposit Insurance Corp. (FDIC), and the Office of the Comptroller of the Currency (OCC) and carried a timeline.

  • May 18: The FDIC issued an internal SWIFT threat alert and instructed examiners to conduct an "expanded review of cyber controls related to SWIFT or any wholesale payment system at future examinations."
  • May 25: The Federal Reserve disseminated an internal alert to Fed banking supervisors requesting that institutions that dealt with SWIFT were adequately finding ways to address cyberthreats.
  • June 1: The FDIC issued guidance to banks regarding mitigation steps the institutions could take to avoid malware that targeted SWIFT software and to avoid cyberthreats.
  • June 7: Bank regulators issued reminders to financial institutions to actively monitor risks associated with their interbank messaging systems. Bank regulators also told examiners within their own ranks to keep a closer eye on these issues regarding the banks that they supervised.
  • July 21: The OCC issued a "supervision tip" to its examiners. These types of tips are considered rare and are meant to delve into the background of an issue and provide recommended steps for action.

In addition to the letter banking regulators sent to Maloney, in June a congressional committee launched a probe into the way the Federal Reserve Bank in New York handled the massive heist, according to a CNBC report. The New York Fed maintains accounts for the Bangladesh Bank.

[See 10 Hot Security Technologies Enterprises Need Now.]

Senior representatives from the New York Fed, Bangladesh Bank, and SWIFT met in New York to continue to discuss the cybertheft at India's central bank. The group issued a statement on Tuesday, saying:        

The parties discussed certain technical details of the February event to enhance their mutual understanding of how the fraud occurred, and further discussed steps that have been and will be taken to remediate the event and place Bangladesh Bank's account at the New York Fed on a path to more normalized long-term operations. The participants remain concerned about this event and recommitted to working together to recover the entire proceeds of the fraud as expeditiously as possible, bring the perpetrators to justice in cooperation with law enforcement from other jurisdictions, and lend support to multilateral international efforts to further protect the global financial system from these types of attacks in the future.

In addition to the issue of millions of dollars that were taken, concerns arose that the cyber-criminals may also be potentially willing to engage in physical violence. A cyber-security researcher investigating the Bangladesh Bank heist was abducted and found a week later wandering the streets, according to an International Business Times report.   

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Michelle
50%
50%
Michelle,
User Rank: Ninja
8/29/2016 | 10:46:59 PM
Re: Good first step
I hope it thwarts future multi-million dollar fraud attempts. The whereabouts of the last batch of stolen cash have yet to be revealed and may never be told.
Technocrati
50%
50%
Technocrati,
User Rank: Ninja
8/26/2016 | 8:03:29 PM
Re: Good first step

Not sure how I feel about this.  This seems be  a plea for safeguarding banks, not something I am terribly concerned with. 

Michelle
50%
50%
Michelle,
User Rank: Ninja
8/26/2016 | 1:27:13 PM
Good first step
I'm very glad to see an interest in increasing cyber security around SWIFT. It's disappointing to know this sort of thing could happen in the first place. Millions of dollars are now missing.
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll