SWIFT report gives new insights into cyber threats

Published 

 

  • Attackers adjust Modus Operandi and fraudulent payment profiles
  • Increased vigilance enables early fraud detection
  • SWIFT’s information sharing initiative continues to deliver results

Brussels – SWIFT today publishes a new cyber report, ‘Three years on from Bangladesh: tackling the adversaries’, providing new insights into the evolving nature of the cyber threats facing the global financial community. 

Key findings show that:

  • Four out of every five of all fraudulent transactions were issued to Beneficiary accounts in South East Asia
  • Approximately 70 per cent of attempted thefts were USD-based – but usage of European currencies increased
  • The value of each individual attempted fraudulent transaction decreased dramatically – from more than USD$10m to between USD$250,000 and USD$2m

Three years after the cyber attack on Bangladesh Bank, and the subsequent launch of SWIFT’s Customer Security Programme (CSP), SWIFT’s study of cyber attacks on banks evidences how efforts to promote robust cyber security standards, the introduction of security-enhancing tools and an increase in the scope and quality of cyber threat intelligence sharing, are paying off.

Based on investigations conducted over the last 15 months, the report shows how closer industry collaboration resulted in the quick identification of financial institutions targeted by cyber criminals – in most cases, before attackers were even able to generate fraudulent messages. In particular, the exchange of relevant and timely cyber threat intelligence has proved critical in effectively detecting and preventing attacks.

Dries Watteyne, Head of Cyber Security Incident Response Team at SWIFT, said: “SWIFT’s threat intelligence sharing has highlighted the changes to cyber criminals’ tactics, techniques and procedures used in attempted attacks, enabling industry participants to understand and respond to the increasingly sophisticated nature of cyber threats. In this report, SWIFT reveals important information about the evolving payment profile to enable more accurate detection through business indicators. It is encouraging that detection rates of attempted attacks are increasing, but we need to be mindful that malicious actors adapt rapidly. The industry must continuously strengthen and diversify its defences, investigate incidents and share information.”

Brett Lancaster, Head of Customer Security, said: “These cases show how SWIFT solutions including our Daily Validation Reports tool, our Payment Controls Service and the gpi Stop and Recall facility can all have real, positive impact. They also evidence the importance of implementing security controls and of understanding and mitigating against cyber risks presented by counterparties. This is why more and more customers are turning to SWIFT’s KYC-Security Attestation utility to consume that information.”

The report also reveals:

  • Extended reconnaissance periods: attackers continue to operate ‘silently’ for weeks or months after penetrating a target, learning behaviours and patterns before launching an attack.
  • Timings are shifting: malicious actors previously favoured issuing fraudulent payments outside business hours to avoid detection but have more recently turned this approach on its head, acting during business hours to blend in with legitimate traffic.
  • New payment corridors: the vast majority of fraudulent transactions investigated over the past 15 months used payment corridors (combinations of target and beneficiary banks) that had not been used during the previous 24 months.

The report recommends the:

  • Development of new defensive measures: the development and deployment of security-enhancing innovations will help thwart cyber thieves.
  • Increase of information sharing: the more information the community shares and the frequency with which it shares, the better chance of avoiding or fending off an attack.
  • Adherence to robust cyber security standards: ensuring strict adherence to strong standards and implementing controls is key to prevention and detection.
  • Consumption of counterparty cyber security data: users should incorporate the assessment of counterparties’ attestation data against SWIFT’s Customer Security Controls Framework into their risk management and business decision-making processes.

 

Most recent episodes

£15 Billion Stimulus Pumped into UK Economy to Ward Off Recession Fears

Welcome to the latest edition of Liquidity Link Live, your exclusive market analysis provided by Northern Trust Asset Management, one of the world’s largest cash managers. Tune in each month to discover the very latest insights on the UK, Eurozone and US markets. This edition was recorded on the 7th June...

04:44

Advantage Treasury

Eleanor Hill is joined in the virtual TreasuryCast studio by Nicolas Cailly and Philippe Penichou (Societe Generale) to look at treasury trend predictions for the remainder of 2022, with a particular focus on virtual accounts. In this deep dive into current and future treasury priorities, our guests...

24:22

40th Annual New York Cash Exchange: What Can Treasurers Expect?

Ahead of the 40th annual New York Cash Exchange, two of TMANY's distinguished board members, David Miller and Timothy T. Hesler, CTP, provide TMI CEO, Robin Page, with a quickfire rundown of what attendees can expect from this year’s conference. Our guests share their aspirations for the event, explain...

09:58

Expectation-Beating Inflation Prints Ratchet Up Pressure on Monetary Policy

Welcome to the third edition of Liquidity Link Live, your exclusive market analysis provided by Northern Trust Asset Management, one of the world’s largest cash managers. Tune in each month to discover the very latest insights on the UK, Eurozone and US markets. This edition was recorded on the 9th May...

04:48

Making the Sustainable Transition: A Roadmap to ESG in Treasury

Over the last 18 months, Societe Generale has experienced a steady increase in requests from their corporate clients to integrate ESG features in treasury management.  Louis-David Rouyer, Philippe Pougeard, and Emmanuelle Petelle (Societe Generale) provide TMI's Eleanor Hill with a whistlestop run...

22:24

Lift Off for Fed Rate Rises

Welcome to the latest edition of Liquidity Link Live, your exclusive market analysis provided by Northern Trust Asset Management, one of the world’s largest cash managers. Tune in each month to discover the very latest insights on the UK, Eurozone and US markets. This edition was recorded on the 5th of...

04:58

Treasury in 2022 and Beyond

Industry experts Bob Stark (Kyriba) and Sebastian di Paola (PwC) join TMI's Editor, Eleanor Hill, to explore the very latest treasury trends - and to discuss how smart treasurers can get ahead of th...

43:21

How BearingPoint Harnessed Data-Driven Forecasting with CashAnalytics and SAP

Listen back to our recent forecasting masterclass, where Group Treasurer Eveline Stam, and Conor Deegan (CashAnalytics) provided TMI's Eleanor Hill with a comprehensive overview of how consultancy firm BearingPoint achieved company-wide cash forecasting nirvana by combining specialist solutions from...

37:14

The 3 T’s of The Future: Tech, Treasury, and Transformation

Over the past two years, an increasingly dynamic environment has not only accelerated technology development – from quantum computing to blockchain technology, and even the metaverse – but also technology adoption, bridging colleagues and breaking down silos in a remote work world. In this podcast,...

44:02

Monetary Policy Continues to Drive Markets as Ukraine Invasion Weighs on March Meetings

Welcome to the second edition of Liquidity Link Live, your exclusive market analysis provided by Northern Trust Asset Management, one of the world’s largest cash managers. Tune in each month to discover the very latest insights on the UK, Eurozone and US markets. This edition was recorded on the 3rd of...

05:25