A global money transfer network used by banks, has suffered
gaps in security standards that have resulted in at least three breaches
– in Vietnam, Bangladesh and Ecuador, according to The Wall Street Journal.
The hackers were able to gain access to Swift access codes and deliver authenticated yet fraudulent fund transfer requests. The network did not become aware of the incidents in Ecuador or Vietnam until after the fact. Hackers stole $9 million from an Ecuador lender last year and $81 million from the central bank of Bangladesh in February.
A former Swift official said the network has known its user connections are its weakest link and is in need of improvement. Leonard Schrank, who served as chief executive until 2007 after 15 years in that role, said the breaches are a big wake up call.
A Swift board committee is examining ways to support users’ efforts to secure systems and share information about cyber threats. The network has repeatedly said that its messaging network has not been infiltrated and that the attacks are on account of problems with users’ security.
A Swift spokesperson said the management of local systems, credentials and authorization is the customers’ responsibility.
The customer notice indicates Swift is addressing the threat, Schrank said. An additional step would be to have an “anomaly detector” that would delay suspect message traffic until it can be confirmed. Another option would be to require a stronger separation between Swift systems and banks’ networks.
The hackers were able to gain access to Swift access codes and deliver authenticated yet fraudulent fund transfer requests. The network did not become aware of the incidents in Ecuador or Vietnam until after the fact. Hackers stole $9 million from an Ecuador lender last year and $81 million from the central bank of Bangladesh in February.
A former Swift official said the network has known its user connections are its weakest link and is in need of improvement. Leonard Schrank, who served as chief executive until 2007 after 15 years in that role, said the breaches are a big wake up call.
Swift Alerts Users To Threat
Swift, in response to the thefts, urged users in a memo Friday to improve security and reminded them they are required to inform the network immediately of any suspected fraud.A Swift board committee is examining ways to support users’ efforts to secure systems and share information about cyber threats. The network has repeatedly said that its messaging network has not been infiltrated and that the attacks are on account of problems with users’ security.
A Swift spokesperson said the management of local systems, credentials and authorization is the customers’ responsibility.
The customer notice indicates Swift is addressing the threat, Schrank said. An additional step would be to have an “anomaly detector” that would delay suspect message traffic until it can be confirmed. Another option would be to require a stronger separation between Swift systems and banks’ networks.
Комментариев нет:
Отправить комментарий