US Bank Regulators Tighten Cyber-Security Efforts Around SWIFT - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government

US Bank Regulators Tighten Cyber-Security Efforts Around SWIFT

Following the theft of millions of dollars from Bangladesh Bank via the international financial messaging system SWIFT, US banking regulators have outlined steps to tighten cyber-security at the nation's banks.

8 Steps To Building A Successful Cyber-Security Career
8 Steps To Building A Successful Cyber-Security Career
(Click image for larger view and slideshow.)

US banking regulators issued a joint letter outlining ways they would tighten cyber-security around the nation's banks that interact with the international financial messaging system SWIFT.

The letter, according to The Wall Street Journal, was sent Wednesday to Rep. Carolyn Maloney (D-NY), who serves on the House Financial Services Committee and who raised questions regarding the massive $81 million cyberheist from Bangladesh Bank in February.

That attack apparently built on similar attacks against a bank in Ecuador in January last year and a Vietnam commercial bank in December, which also communicated with SWIFT, noted The Journal.     

SWIFT, the Society for Worldwide Interbank Financial Telecommunication, does not reportedly have the vulnerability itself in its system, but rather cyber-criminals have been exploiting vulnerabilities found in the way banks initiate their funds transfer process with SWIFT.


(Image: Ivan Bliznetsov/iStockphoto)

(Image: Ivan Bliznetsov/iStockphoto)

The letter, according to The Journal, was signed by the Federal Reserve, the Federal Deposit Insurance Corp. (FDIC), and the Office of the Comptroller of the Currency (OCC) and carried a timeline.

  • May 18: The FDIC issued an internal SWIFT threat alert and instructed examiners to conduct an "expanded review of cyber controls related to SWIFT or any wholesale payment system at future examinations."
  • May 25: The Federal Reserve disseminated an internal alert to Fed banking supervisors requesting that institutions that dealt with SWIFT were adequately finding ways to address cyberthreats.
  • June 1: The FDIC issued guidance to banks regarding mitigation steps the institutions could take to avoid malware that targeted SWIFT software and to avoid cyberthreats.
  • June 7: Bank regulators issued reminders to financial institutions to actively monitor risks associated with their interbank messaging systems. Bank regulators also told examiners within their own ranks to keep a closer eye on these issues regarding the banks that they supervised.
  • July 21: The OCC issued a "supervision tip" to its examiners. These types of tips are considered rare and are meant to delve into the background of an issue and provide recommended steps for action.

In addition to the letter banking regulators sent to Maloney, in June a congressional committee launched a probe into the way the Federal Reserve Bank in New York handled the massive heist, according to a CNBC report. The New York Fed maintains accounts for the Bangladesh Bank.

[See 10 Hot Security Technologies Enterprises Need Now.]

Senior representatives from the New York Fed, Bangladesh Bank, and SWIFT met in New York to continue to discuss the cybertheft at India's central bank. The group issued a statement on Tuesday, saying:        

The parties discussed certain technical details of the February event to enhance their mutual understanding of how the fraud occurred, and further discussed steps that have been and will be taken to remediate the event and place Bangladesh Bank's account at the New York Fed on a path to more normalized long-term operations. The participants remain concerned about this event and recommitted to working together to recover the entire proceeds of the fraud as expeditiously as possible, bring the perpetrators to justice in cooperation with law enforcement from other jurisdictions, and lend support to multilateral international efforts to further protect the global financial system from these types of attacks in the future.

In addition to the issue of millions of dollars that were taken, concerns arose that the cyber-criminals may also be potentially willing to engage in physical violence. A cyber-security researcher investigating the Bangladesh Bank heist was abducted and found a week later wandering the streets, according to an International Business Times report.   

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Michelle
50%
50%
Michelle,
User Rank: Ninja
8/29/2016 | 10:46:59 PM
Re: Good first step
I hope it thwarts future multi-million dollar fraud attempts. The whereabouts of the last batch of stolen cash have yet to be revealed and may never be told.
Technocrati
50%
50%
Technocrati,
User Rank: Ninja
8/26/2016 | 8:03:29 PM
Re: Good first step

Not sure how I feel about this.  This seems be  a plea for safeguarding banks, not something I am terribly concerned with. 

Michelle
50%
50%
Michelle,
User Rank: Ninja
8/26/2016 | 1:27:13 PM
Good first step
I'm very glad to see an interest in increasing cyber security around SWIFT. It's disappointing to know this sort of thing could happen in the first place. Millions of dollars are now missing.
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
Commentary
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll