Over ten thousand banks and financial institutions are being urged to remain vigilant after the secure Swift (Society for Worldwide Interbank Financial Telecommunication) system – used to send messages between global firms – was reportedly compromised by the sophisticated hacking scheme that targeted the Bangladesh central bank in March 2016.
The news comes after security researchers at British defence contractor BAE Systems claimed to have uncovered a stealthy piece of malware used in the Bangladesh attack, which resulted in the loss of $81m (£56m, €71m). Previously, investigators said that cybercriminals broke into the bank's computer networks to steal vital access credentials. However, fresh research claims that Swift was also likely compromised during the hack in order to erase records of malicious financial transfers.
Natasha Deteran, a spokesperson for the Brussels-based Swift, told Reuters an emergency software update was imminent. Additionally, a 'special warning' will be issued telling financial firms to analyse their current security procedures.
The update, Deteran said, was being issued to "assist customers in enhancing their security and to spot inconsistencies in their local database records". However, she maintained the malware uncovered had "no impact" on the core messaging services.
"While we keep all our interface products under continual review and recommend that other vendors do the same, the key defence against such attack scenarios is that users implement appropriate security measures in their local environments to safeguard their systems," she added. The Swift messaging platform is used by 11,000 banks and other institutions around the world and is a co-operative owned by 3,000 financial institutions.
In an in-depth analysis released on 25 April, BAE researchers unleashed evidence that malware uncovered from the Bangladesh incident was used to 'manipulate' a Swift client known as 'Alliance Access'. This has led to mounting concerns that existing vulnerabilities in the messaging software mean other systems may be susceptible to hacking attempts.
"The analysed sample allows a glimpse into the toolkit of one of the team in well-planned bank heist," said Sergei Shevchenko, cyber threat researcher with BAE Systems. "This malware was written bespoke for attacking a specific victim infrastructure, but the general tools, techniques and procedures used in the attack may allow the gang to strike again. All financial institutions who run SWIFT Alliance Access and similar systems should be seriously reviewing their security now to make sure they too are not exposed."
According to Shevchenko the attackers put "significant effort" into deleting evidence of their intrusion however admitted that many pieces of the puzzle are still missing, including how the attackers sent the fraudulent transfers, how the malware was implanted into the banks system and the actual identity of the culprits.
The initial breach at the Bangladesh central bank occurred in early February as criminals orchestrated a scheme to steal a massive $951m from the banks account at the Federal Reserve in New York. In the subsequent probe, officials from the victimised bank have lashed out at Swift for not doing enough to stop the hacking. "It was their responsibility to point it out but we haven't found any evidence that they advised before the heist," asserted Mohammad Shah Alam, chief investigator on the case.
However, officials at the bank also came under criticism after it was revealed the institution's computer security was so lax it did not even have a firewall in place to fend off cyberattacks. Furthermore, reports indicated the routers used to connect to the secure Swift system were cheap second-hand devices that cost as little as $10 (£7).