New Malware Found In Swift Network, Based Banks Are On Risk

Alert! New Malware Found In Swift Network, Based Banks Are On Risk. 

The Society for Worldwide Interbank Financial Telecommunication  which is known as SWIFT exposure that another bank was offended as utilizing the same modules of operands as that in the Bangladesh bank that Cyber attack has the security industry considering the system of SWIFT is still probably vulnerable to another attack.

• Vietnam’s Tien Phong Commercial Joint Stock Bank said, it was the target of a computer attack where hackers tried to steal more than $1.13 million through the bank’s connection to the Swift interbank messaging system,  Reuters.
• SWIFT has issued a notice to all its customers about a newly identified malware found in a customer’s environment.
• Malware was used to target the PDF reader application used by the customer to read user generated PDF reports of payment confirmations. 

According to a SWIFT statement,

The second event aimed an unidentified commercial bank where malware established on the messaging system of SWIFT was utilized against the banks' secondary controls and in this case a PDF reader that is used by the bank to verify the statement of messages. Then SWIFT wrote to its customers that the malware deleted any kind of sign of the attack. And the fact that has a second event which has taken place is a sign to security experts that doesn't matter what fix was implemented was unsuccessful as well as the flaw may still exist.

ESET Senior Security Researcher Stephen Cobb told to SCMagzine that
“News of another incident in which malware was apparently used to cover the tracks of unauthorized banking instructions transmitted by the SWIFT network suggests remediation efforts following February's $81 million Bangladesh reserve bank heist have so far been inadequate.”

SWIFT said to its customers which have to step up their game as well as put in place better security.

"In both instances, the attackers have exploited vulnerabilities in banks funds' transfer initiation environments, prior to messages being sent over SWIFT. The attackers have been able to bypass whatever primary risk controls the victims have in place, thereby being able to initiate the irrevocable funds transfer process.”

In February, attackers hacked the system of Bangladesh bank by whom they stealing the credentials which are required to approve the payment that transfer from the country's financial reserves in the Federal Reserve Bank of New York to fake accounts which are based in the Philippines and Sri Lanka.

The part of the issue is justifying this problem is that none of those occupied are accurately convinced how the attack happened or at least that have not said so openly. SWIFT made it as an extensive comment that it could have been done by an outside gang or on the other hand, it could be inside job. The financial messaging service did provide a few compact details on what become known to saying the hacker cooperated with the environment of the bank by acquiring applicable operator credentials as well as submitting the fake messages by imitating the people from whom the credentials were stolen.

Swift wrote that “The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks – knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both.”

Cobb also added that the issue regarding the malware arises at the heart of the problem which has already it should have been patched and its banking partners.

And he said, “Given that hundreds of millions of dollars are potentially in play with this type of attack, the presence of malware used to obscure transactions should have been dealt with right away, at every participating institution. The abuse of credentials on the system, seemingly essential to initiating the fraudulent messages that move money, should also have been addressed by now.”

Any other security attorneys considered in with some steps that could be in use to fix the problem at hand as well as that should be integrated to prevent from the future transactions on the system of SWIFT. This system involved the adding two-factor authentication into the system, relying less on the element of human which is involved in creating the system of SWIFT work and updating the SWIFT software.

Whereas Brad Bussie who is the director of product management at STEALTHbits Technologies said in an email that “Initiation of transfers is still based on trust. The bank is trusting that the user/batch is who they say they are. The problem is that we seem to be missing a key mitigation strategy here; Multi-factor authentication. The attack could have been thwarted with a simple process of authentication using something you have, something you know, and something you are.”

Wim Remes who is also the manager of Rapid7 manager in strategic services, EMEA, told in an email that SWIFT as well as the banks every have to make changes.

Remes said, “The reality is that most likely an upgrade of the SWIFT software would be needed for all clients and potentially changes on the operating system level as well. Between now and the time that every participant in the SWIFT network has gone through this process there is always a risk that one of the participants will be hacked.”

SWIFT again put the best part of the onus to fix the problem on the banks and the members of the bank saying that they should rapidly make sure that their endpoints are protected.

Cobb approved with this stance saying that any bank could be an objective of this type of attack if it exploits the SWIFT as well as it does not implement tight control over its own banking credentials as well as it continues the system integrity.

Dave Amsler who is the president, as well as the founder of Raytheon Foreground Security, said that sitting back and just playing defense is one more fault which being made. He noticed that the advanced systems utilized by the attackers that are continuously making modifications to their malware to hit the fixed the security of software.

And finally, he said, “There is only one way to find the most sophisticated, damaging cyber threats within a network: proactively hunt for them.”