US Bank Regulators Tighten Cyber-Security Efforts Around SWIFT - InformationWeek

Following the theft of millions of dollars from Bangladesh Bank via the international financial messaging system SWIFT, US banking regulators have outlined steps to tighten cyber-security at the nation's banks.

US banking regulators issued a joint letter outlining ways they would tighten cyber-security around the nation's banks that interact with the international financial messaging system SWIFT.

The letter, according to The Wall Street Journal, was sent Wednesday to Rep. Carolyn Maloney (D-NY), who serves on the House Financial Services Committee and who raised questions regarding the massive $81 million cyberheist from Bangladesh Bank in February.

That attack apparently built on similar attacks against a bank in Ecuador in January last year and a Vietnam commercial bank in December, which also communicated with SWIFT, noted The Journal.     

SWIFT, the Society for Worldwide Interbank Financial Telecommunication, reportedly does not have the vulnerability in its own system; rather, cyber-criminals have been exploiting vulnerabilities found in the way banks initiate their funds transfer process with SWIFT.

The letter, according to The Journal, was signed by the Federal Reserve, the Federal Deposit Insurance Corp. (FDIC), and the Office of the Comptroller of the Currency (OCC) and carried a timeline.

  • May 18: The FDIC issued an internal SWIFT threat alert and instructed examiners to conduct an "expanded review of cyber controls related to SWIFT or any wholesale payment system at future examinations."
  • May 25: The Federal Reserve disseminated an internal alert to Fed banking supervisors requesting assurance that institutions that dealt with SWIFT were adequately finding ways to address cyberthreats.
  • June 1: The FDIC issued guidance to banks regarding mitigation steps the institutions could take to avoid malware that targeted SWIFT software and to avoid cyberthreats.
  • June 7: Bank regulators issued reminders to financial institutions to actively monitor risks associated with their interbank messaging systems. Bank regulators also told examiners within their own ranks to keep a closer eye on these issues regarding the banks that they supervised.
  • July 21: The OCC issued a "supervision tip" to its examiners. These types of tips are considered rare and are meant to delve into the background of an issue and provide recommended steps for action.

In addition to the letter banking regulators sent to Maloney, in June a congressional committee launched a probe into the way the Federal Reserve Bank in New York handled the massive heist, according to a CNBC report. The New York Fed maintains accounts for the Bangladesh Bank.

Senior representatives from the New York Fed, Bangladesh Bank, and SWIFT met in New York to continue to discuss the cybertheft at India's central bank. The group issued a statement on Tuesday, saying:        

The parties discussed certain technical details of the February event to enhance their mutual understanding of how the fraud occurred, and further discussed steps that have been and will be taken to remediate the event and place Bangladesh Bank's account at the New York Fed on a path to more normalized long-term operations. The participants remain concerned about this event and recommitted to working together to recover the entire proceeds of the fraud as expeditiously as possible, bring the perpetrators to justice in cooperation with law enforcement from other jurisdictions, and lend support to multilateral international efforts to further protect the global financial system from these types of attacks in the future.

In addition to the millions of dollars that were taken, concerns arose that the cyber-criminals may also be willing to engage in physical violence. A cyber-security researcher investigating the Bangladesh Bank heist was abducted and found a week later wandering the streets, according to an International Business Times report.

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ...
